F5 BIG-IP and PingIntelligence sideband integration was tested with F5 BIG-IP TMOS with node.js v6.9.1. If you are using any other version of F5, contact Ping Identity support for help.
- F5 BIG-IP with v188.8.131.52 software.
- Knowledge of iRules LX in F5. Refer the F5 documentation for information on iRules.
- A Virtual Server is configured to front-end the incoming traffic. Make sure to apply HTTP profile to the virtual server.
- A valid F5 BIG-IP license and iRules LX is enabled in your setup.
This section assumes that you have installed and configured PingIntelligence software. For more information on PingIntelligence installation, see PingIntelligence setup or PingIntelligence manual deployment
- Download the PingIntelligence policy from the download site.
Verify that ASE is in sideband mode: Log in to your ASE machine and check that ASE is in
sidebandmode by running the following status command:
If ASE is not in
/opt/pingidentity/ase/bin/cli.sh status API Security Enforcer status : started mode : sideband http/ws : port 80 https/wss : port 443 firewall : enabled abs : enabled, ssl: enabled abs attack : disabled audit : enabled sideband authentication : disabled ase detected attack : disabled attack list memory : configured 128.00 MB, used 25.60 MB, free 102.40 MB
sidebandmode, then stop ASE and change the mode by editing the
sidebandand start ASE.
Enable sideband authentication: For secure communication between F5 BIG-IP
and ASE, enable sideband authentication by entering the following ASE
# ./bin/cli.sh enable_sideband_authentication -u admin –p admin
Generate sideband authentication token
A token is required for BIG-IP to authenticate with ASE. To generate the token in ASE, enter the following command in the ASE command line:Save the generated authentication token for further use in Import and configure PingIntelligence policy
# ./bin/cli.sh -u admin -p admin create_sideband_token