wowchens
Feb 08, 2017

APM Policy chaining

Hello: We are trying to implement APM for our external-facing applications, but the issue for us is that our security team doesn't allow us to talk to LDAP from within the DMZ; that request has to make another hop, two firewalls down, and from there it can talk to LDAP and authenticate. We do this using a homegrown application right now but are looking to replace it with APM.

This is the flow right now: Client-->LTM in DMZ redirects to an app-->App captures creds using forms-->Sends them down to another app in trusted zone-->App in TDMZ (Trusted DMZ)-->LDAP and upon success returns all the way back.

We are trying to simplify using this flow: Client-->LTM/APM in DMZ-->LTM/APM in TDMZ-->LDAP

Not sure if this is even feasible, to chain APM policies. I tried to create a basic policy at the first hop which simply captures the creds and forwards to another VIP using pool assign, but I am stuck figuring out how the first LTM would know if the creds are authenticated. I am totally down for an iRule but just need some direction.

As always, I appreciate the DevCentral community for your help.