PingIntelligence

Prerequisites

F5 BIG-IP and PingIntelligence sideband integration was tested with F5 BIG-IP TMOS with node.js v6.9.1. If you are using any other version of F5, contact Ping Identity support for help.

F5 prerequisites:

  • F5 BIG-IP with v13.1.0.8 software.

  • Knowledge of iRules LX in F5. Refer the F5 documentation for information on iRules.

  • A Virtual Server is configured to front-end the incoming traffic. Make sure to apply HTTP profile to the virtual server.

  • A valid F5 BIG-IP license and iRules LX is enabled in your setup.

PingIntelligence prerequisites:

This section assumes that you have installed and configured PingIntelligence software. For more information on PingIntelligence installation, see PingIntelligence setup or PingIntelligence manual deployment

  • Download the PingIntelligence policy from the download site.

  • Verify that ASE is in sideband mode: Log in to your ASE machine and check that ASE is in sideband mode by running the following status command:

    /opt/pingidentity/ase/bin/cli.sh status
    API Security Enforcer
    status                  : started
     mode : sideband
    http/ws                 : port 80
    https/wss               : port 443
    firewall                : enabled
    abs                     : enabled, ssl: enabled
    abs attack              : disabled
    audit                   : enabled
    sideband authentication : disabled
    ase detected attack     : disabled
    attack list memory      : configured 128.00 MB, used 25.60 MB, free 102.40 MB

    If ASE is not in sideband mode, then stop ASE and change the mode by editing the /opt/pingidentity/ase/config/ase.conf file. Set mode as sideband and start ASE.

  • Enable sideband authentication: For secure communication between F5 BIG-IP and ASE, enable sideband authentication by entering the following ASE command:

    # ./bin/cli.sh enable_sideband_authentication -u admin –p admin
  • Generate sideband authentication token

    A token is required for BIG-IP to authenticate with ASE. To generate the token in ASE, enter the following command in the ASE command line:

    # ./bin/cli.sh -u admin -p admin create_sideband_token

    Save the generated authentication token for further use in Importing and configuring the PingIntelligence policy