F5 Big-Ip
Supported Features
The integration currently supports the following features:
- SAML
- Radius
Big-Ip VPN Configuration (SAML)
Before starting, we assume that the standard network configuration of Big-Ip has already been done. Make sure you have a functional VPN.
Note: For Web Portal authentication, the VPN configuration must include the Full Webtop Mode.
First, in the Trustelem app settings, enable the authentication method you want to use.
Big-Ip Configuration
- In the main tab, click on Access > Federation > SAML Service Provider > Local SP Services
- Click on Create
- Give a name to your Service Provider and, in the Entity ID field, put your Virtual Server's external IP
- Click on Ok
- In the main tab, click on Access > Federation > SAML Service Provider > External IdP Connectors
- Download the metadata
- Click on the arrow on the right of Create and select From Metadata
- Click on Browse, select the previously downloaded metadata file and give a name to your IdP
- Click on Ok
- In the main tab, click on Access > Federation > SAML Service Provider > Local SP Services
- Select the existing SP and click on Bind/Unbind IdP Connectors
- Click on Add New Row and, in the SAML IdP Connectors drop-down, click on the previously created entry
- Click on Update, then click on Ok
- In the main tab, click on Access > Profiles/Policies > Access Profiles (Per-Session Policies)
- Click on Edit on your VPN access policy row
- A diagram appears. Delete the Logon Page and Advanced Resource Assign steps by clicking x and then the Delete button
- Click on the + between Start and Allow and, in the Authentication tab, select SAML Auth and click on Add Item
- In the AAA Server drop-down list, select the SAML SP you created previously and click on Save
- Between SAML Auth and Allow, click on + and, in the Assignment tab, add the Advanced Resource Assign item
- Click on Add Entry then Add/Delete. In the Network Access and Webtop tabs, select your VPN Network Access and Webtop respectively, then click on Update
- On the Big-Ip page header, click on Apply Access Policy
Trustelem Configuration
- In the Entity ID field, put your Virtual Server public IP address
Big-Ip VPN Configuration (RADIUS)
Before starting, we assume that the standard network configuration of Big-Ip has already been done. Make sure you have a functional VPN.
Note: For Web Portal authentication, the VPN configuration must include the Full Webtop Mode.
First, in the Trustelem app settings, enable the authentication method you want to use.
Trustelem Configuration
- Go to the Service tab and make sure that you have a correctly configured TrustelemConnect connector
- Define a secret, then copy it
Big-Ip Configuration
- In the main tab, click on Access > Authentication > Radius
- Click on Create
- Give a name to your server, in Mode select Authentication and select Direct in Server Connection
- In the Server Address field, put the IP address of the server on which TrustelemConnect is running and put 1812 in the Port field
- In the Secret and Confirm Secret fields, paste the Secret you copied beforehand
- Next to Character Set, select Utf-8 then click on Finished
- In the main tab, click on Access > Profiles/Policies > Access Profiles (Per-Session Policies)
- Click on Edit on your VPN access policy row
- Click on the + between Logon Page and Advanced Resource Assign then, in the Authentication tab, select RADIUS Auth
- Click on Add Item then select your freshly created AAA Server. Click on Save
- On the Big-Ip page header, click on Apply Access Policy