Prerequisites
F5 BIG-IP and PingIntelligence sideband integration was tested with F5 BIG-IP TMOS with node.js v6.9.1. If you are using any other version of F5, contact Ping Identity support for help.
F5 prerequisites:
-
F5 BIG-IP with v13.1.0.8 software.
-
Knowledge of iRules LX in F5. Refer the F5 documentation for information on iRules.
-
A Virtual Server is configured to front-end the incoming traffic. Make sure to apply HTTP profile to the virtual server.
-
A valid F5 BIG-IP license and iRules LX is enabled in your setup.
PingIntelligence prerequisites:
This section assumes that you have installed and configured PingIntelligence software. For more information on PingIntelligence installation, see PingIntelligence setup or PingIntelligence manual deployment
-
Download the PingIntelligence policy from the download site.
-
Verify that ASE is in sideband mode: Log in to your ASE machine and check that ASE is in
sidebandmode by running the followingstatuscommand:/opt/pingidentity/ase/bin/cli.sh status API Security Enforcer status : started mode : sideband http/ws : port 80 https/wss : port 443 firewall : enabled abs : enabled, ssl: enabled abs attack : disabled audit : enabled sideband authentication : disabled ase detected attack : disabled attack list memory : configured 128.00 MB, used 25.60 MB, free 102.40 MB
If ASE is not in
sidebandmode, then stop ASE and change the mode by editing the/opt/pingidentity/ase/config/ase.conffile. Setmodeassidebandand start ASE. -
Enable sideband authentication: For secure communication between F5 BIG-IP and ASE, enable sideband authentication by entering the following ASE command:
# ./bin/cli.sh enable_sideband_authentication -u admin –p admin
-
Generate sideband authentication token
A token is required for BIG-IP to authenticate with ASE. To generate the token in ASE, enter the following command in the ASE command line:
# ./bin/cli.sh -u admin -p admin create_sideband_token
Save the generated authentication token for further use in Import and configure PingIntelligence policy