PingIntelligence

Preparing to deploy the PingIntelligence policy

Before deploying the PingIntelligence policy, complete the following steps.

About this task

The F5 BIG-IP and PingIntelligence sideband integration was tested with F5 BIG-IP TMOS with Node.js v6.9.1. If you are using any other version of F5, contact Ping Identity support for help.

Before deploying the PingIntelligence policy:

Steps

  1. Install and configure the following:

    1. F5 BIG-IP with v13.1.0.8 software.

    2. Knowledge of iRules LX in F5. Refer to the F5 documentation for information on iRules.

    3. A virtual server to front-end the incoming traffic. Make sure to applythe HTTP profile to the virtual server.

    4. A valid F5 BIG-IP license and iRules LX enabled in your setup.

  2. Install and configure the PingIntelligence software.

    For more information, see PingIntelligence automated deployment for virtual machines and servers or PingIntelligence manual deployment.

  3. Download the PingIntelligence policy from the Ping Identity Downloads site.

  4. Sign on to your ASE machine and verify that ASE is in sideband mode by running the following status command:

    /opt/pingidentity/ase/bin/cli.sh status

    Result:

    API Security Enforcer
status                  : started
 mode : sideband
http/ws                 : port 80
https/wss               : port 443
firewall                : enabled
abs                     : enabled, ssl: enabled
abs attack              : disabled
audit                   : enabled
sideband authentication : disabled
ase detected attack     : disabled
attack list memory      : configured 128.00 MB, used 25.60 MB, free 102.40 MB

    Troubleshooting:

    If ASE is not in sideband mode, then stop ASE and change the mode by editing the /opt/pingidentity/ase/config/ase.conf file. Set mode as sideband and start ASE.

  5. For secure communication between F5 BIG-IP and ASE, enable sideband authentication by entering the following ASE command:

    # ./bin/cli.sh enable_sideband_authentication -u admin –p admin

  6. To generate the token in ASE, enter the following command in the ASE command line and save the generated authentication token for further use in Importing and configuring the PingIntelligence policy.

    A token is required for BIG-IP to authenticate with ASE.

    # ./bin/cli.sh -u admin -p admin create_sideband_token