F5 LTM Advanced prerequisite configuration

To enable Trust Protection Platform to provision certificates on BIG-IP F5 appliances, you must complete the following high-level tasks:

 For Trust Protection Platform:

  1. Make sure that your version of F5 is compatible with the version of Trust Protection Platform you're using.

    For compatibility information, see TrustForce: certificate installation (provisioning) driver support.

  2. Assign the Resource Administrator role to the user account that Trust Protection Platform uses to authenticate to the F5 appliance.

    For more information, see F5 LTM Advanced permission requirements.

  3. Open access to the HTTPS port.

    Trust Protection Platform uses the iControl protocol to manage certificates on BIG-IP F5 appliances. The iControl protocol uses the HTTPS port; therefore, Trust Protection Platform must have access to the HTTPS port. The default HTTPS port is port 443.

For F5:

  1. Using the BIG-IP web-based Configuration utility, create a pool that contains IP addresses of the content server nodes.

    For more information, refer to your F5 documentation.

  2. On a F5 LTM Partition, create a virtual server that references the pool that is load balancing the SSL connections.

    For more information, refer to your F5 documentation.

  3. (Conditional) If Basic Provisioning is being used, you must create the client and/or Server SSL Profiles necessary to support your application architecture. Client SSL Profiles define how F5 handles communications with clients such as web browsers. Server SSL Profiles define how the F5 interacts with content server nodes. Certificates are assigned to both SSL Profile types.

    For more information, refer to your F5 documentation.

  4. In Trust Protection Platform's Policy Tree, create a Device object for the machine where the F5 appliance resides.

    For more information, see Creating a device object in the Policy Tree.

  5. In the Policy Tree, create and configure an application object for the F5 appliance.

    For more information on creating Application objects, see Creating an application.

  6. In the Policy Tree, associate the F5 Application object with the certificates installed on the BIG-IP F5 appliance.

    For more information, see Associating a certificate with an application from the certificate object.

What's Next?

To see the limitations of the F5 LTM Advanced driver and Trust Protection Platform, see Configuring an F5 LTM Advanced application object.

Related Topics Link IconRelated Topics