Wednesday, 5 September 2012

F5 BigIP - NetIQ Access Manager monitors

Vacations have ended and its back to work...

Lets create some monitors for the master proxies of the Access Manager we have setup so we don't leave it to the default icmp_gateway health check.

Assumptions:


  • You have configured your Admin consoles, Identity servers, Access Gateways 
  • You have added one http and one https reverse proxy in the Gateways (so the parent proxies exist at least..)
  • You have created two vIPs on the F5s pointing to each Pool of the IPs of each proxy

Monitors:

  • Go to your F5 Admin GUI login and go to Local Traffic -> Monitors -> Create
  • Name: Access_Gateway_HTTPS_Monitor 
  • Select type: HTTPS
  • Leave defaults for all fields except 
  • Send String should be:   GET /nesp/app/heartbeat HTTP/1.1\r\nHost: <hostname-of-your-https-proxy-parent>\r\nConnection: Keepalive\r\n\r\n
  • Receive String should be:  Success
  • Click Finished
  • Go to the http pool and add it as a Monitor
  • Follow same steps for http only changing the type and the hostname of the parent proxy


Done :)

1 comment:

  1. Good info on configuring F5 with Access Manager. Had a customer just upgrade to AM 3.2 SP2 and when hitting the IdS via the F5, we're getting back incorrect content type (application/octet-stream). Going direct to IdS is fine. Wondering if you had any ideas on that? Thanks.

    Matt

    ReplyDelete