How To's - Configure F5 for Remote User Authentication and Authorization with ISE (Radius)
Hi there, in this post we are going to configure F5 to authenticate administrators using Radius. We’ll be using ISE as the authentication server.
This lab assumes you already have ISE, MS AD and F5 deployed. You can read my previous posts if you would like to know more about it.
Let’s begin with F5 by configuring Radius as the authentication method by going to System > Users > Authentication
Next will create two Remote Role Groups, one for Administrators and the other for Operators. Navigate to System > Users > Remote Role Groups > Create
Now let’s add F5 as NAD on ISE by going to Administration > Network Resources > Network Devices > Add
Now we have to upload F5 VSAs (vendor specific attributes) into ISE as a dictionary. You can get the file from F5, I'll share the link in reference section.
Save the F5 VSA as txt file and import on ISE by going to Policy > Policy Elements > Dictionaries > Radius > Radius Vendors > Import
Now let’s create two authorization profiles. One for Administrator and the other for Operators, by going to Policy > Policy Elements > Results > Authorization > Authorization Profiles > Add
Finally let’s create the authorization and authentication policies by going to Policy > Policy Sets > Default. As for authentication policy leave it as the default, and add two authorization policies for each authorization profile.
Now let’s test by login into F5.
And we have successfully configured F5 to authenticate administrator using ISE.
I hope you enjoyed this post, leave your comments below and I'll see you on the next one.
Reference:
https://support.f5.com/csp/article/K14324
Senior system engineer
1 年Perfect.
Network Engineer
3 年It is very helpful,Thanks Silesio!
IT & OT Critical Infrastructure Cybersecurity Consultant | CISSP, CISA, CISM, CRISC, CCNP, PCNSE, ISO 27001 LI, APMG ISACA & PECB Accredited Trainer
4 年Just in time, amazing work Silésio ????