Forum Discussion

Stefan_Klotz's avatar
Stefan_Klotz
Icon for Cumulonimbus rankCumulonimbus
Jun 12, 2014

BIG-IP WebGUI via APM Portal Access

Hi,

 

We have built up a LAB with a APM in front of it. As of now we just have Network Access configured to have our internal LAB networks available to the outside and several Weblinks to our BIG-IPs. But this only works after you are successfully connected to the VPN. So the idea and question is now, is it possible to connect to the WebGUI of our BIG-IPs through the APM. I think the only possible way would be the Portal Access, but I didn't get it working. So in case it is possible, can someone provide the required steps to get this working?

 

btw. the APM is running with 11.5.1 HF2

 

Thank you!

 

Ciao Stefan :)

 

APM
deployment
security

5 Replies

Sort By
  • Matt_Dierick's avatar
    Matt_Dierick
    Icon for Employee rankEmployee
    Jun 12, 2014

    Hi Stefan,

     

    You do right. You need a portal access on your webtop full. You need to set your DNS setting in the BIGIP so that APM resolve your portal access ressource. It's straight forward.

     

    Check logs as well in SSH --> tail - f /var/log/apm

     

    Let me know.

     

  • Stefan_Klotz's avatar
    Stefan_Klotz
    Icon for Cumulonimbus rankCumulonimbus
    Jun 12, 2014

    Hi Matthieu,

     

    For you it's maybe straight forward, but I still struggling with some parameters. And your remark with the DNS server also brings more question marks than light into the dark.

     

    Regarding the settings, can you maybe explain the function/difference of the Portal Access configuration items (Link Type & Application URI) and the Resource Item (Destination & Paths)?

     

    As of now I have entered the following values:

     

    Link Typ: Application URI

     

    Application URI: https://bigip3.f5-lab.local

     

    Destination: bigip3.f5-lab.local

     

    Paths: *

     

    The APM is able to resolve the bigip3.f5-lab.local to the correct IP-address.

     

    Thank you for your help and detailed information.

     

    Ciao Stefan :)

     

  • Matt_Dierick's avatar
    Matt_Dierick
    Icon for Employee rankEmployee
    Jun 12, 2014

    Stefan,

     

    First of all, if the bigip is able to resolve the DNS, it's a good news. A portal access is a reverse proxy. Portal access rewrite content from the back end to the front end. I mean, if the Virtual Server has https://external.mysite.com and your internal ressource (the application URI) has http://internal.mydomain.local, then the BIGIP will rewrite like that https://external.mysite.com/f5-w-5435636546345xxxxxxx

     

    So, the link type is your internal URL. Can you confirm bigip3.f5-lab.local is a Web Service (on internal BIGIP or a Web Server) ???

     

    The ressources items, at the bottom, are not mandatory. You can use it if you want to specify specific SSO or compression for a specific/dedicated path. Keep them empty at the moment.

     

    To finish, in your VPE, assign your portal access and a Full Webtop. Last point : did you assign a Server SSL profile on your VS ? It seems your portal access is on 443.

     

    Let me know the result. Do you see the rewrite (f5-w-3242345435) ???

     

  • Stefan_Klotz's avatar
    Stefan_Klotz
    Icon for Cumulonimbus rankCumulonimbus
    Jun 13, 2014

    Hi Matthieu,

     

    now I can confirm it's straight forward ;)

     

    The Server SSL profile did the trick, thanks for that hint. I'm embarrassed that I didn't realized this. Now I have to check to get SSO working.

     

    btw. my bigip3.f5-lab.local is the WebGUI of another BIG-IP in our LAB.

     

    Ciao Stefan :)

     

  • Matt_Dierick's avatar
    Matt_Dierick
    Icon for Employee rankEmployee
    Jun 13, 2014

    Good News. For SSO, if it is a Form Based (login password on the webpage), have a look on the template OWA in APM SSO Form Based.

     

    The only way to set your form based SSO, is to take traces with HTTP watch when accessing directly to the web service (without APM). HTTP Watch will provide you with the POST url and the parameters needed (hidden parameters as well).

     

    Ciao.