F5 to handle SSL for App Portal

Hi,

We are moving to new infrastructure and our cyber security department is now handling SSL certificates on an F5.  I was told that the F5 will communicate to the App Portal servers via port 80 http, the users will hit the F5 using https.

I'm wondering if anyone has a similar setup and are there any gotchas? I am also wondering how you handled images in email notifications. In the email notification html we have images currently pointing to the app portal server (no F5 in front). When we move to the new infrastructure with the F5 do we still point the images to the backend app portal server since the images are stored there? For example right now my notifications have the source as  img alt="" src="https://FQDN/ESD/Images/Customer/custom.jpg"   Do I just need to use the new server name with http since that is where the images reside?

Thanks for any input or gotchas you have run across

 

(1) Solution
dbeckner
Level 10 Champion

Hi @TeriStevenson this is how my customer's network is set up. I can provide a more detailed response tomorrow morning and I will also check on your email question. I believe you will still point to the same FQDN.

We have our F5 set up with a profile for the backend server which includes a VIP (virtual IP), DNS Alias, Server IP, Server FQDN, and SSL Profile.

When the clients connect to the App Portal site they hit the F5 over 443 using the DNS Alias. This traffic is routed from the F5 to the App Portal server. If you ping the App Portal DNS Alias from the user domain you will receive an ACK back with the virtual IP. If you ping the App Portal server from the backend behind the F5 you get the actual IP address.

The only real gotcha that we have seen is that you need to create a firewall rule from the app portal server to the virtual IP. If you don't you will get hundreds of RefreshCache errors daily because there are some backend processes for the mobile apm site where app portal essentially reaches out to itself. If you don't have that firewall rule in place you'll get flooded with these errors.

You'll also need to make sure that if you are setting up any ITSM integrations with Remedy you will need to set the Site DNS Alias in Admin > Site Management > Website back to the hostname of the app portal server when you go to create the default operations. Once those are created you can set that back to the DNS Alias.

I'll check on the email images piece for you tomorrow and respond back with anything else I remember.
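
As an added illustration (not part of the thread and not vendor code), the sketch below scans a notification's HTML for image sources that a mail client could not load through the F5. It assumes, as the reply above suggests, that images keep using the user-facing FQDN over https; the hostnames and the sample HTML are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the user-facing DNS alias that terminates TLS on the F5 (placeholder).
PUBLIC_ALIAS = "appportal.example.com"


class ImgSrcCollector(HTMLParser):
    """Collect the src attribute of every <img> tag."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src)


def audit_image_sources(html, public_alias=PUBLIC_ALIAS):
    """Return (src, reason) pairs for images a mail client could not load via the F5."""
    collector = ImgSrcCollector()
    collector.feed(html)
    findings = []
    for src in collector.sources:
        url = urlsplit(src)
        if url.scheme in ("cid", "data"):
            continue  # image is embedded in the message itself, no fetch needed
        if not url.scheme:
            findings.append((src, "relative URL: mail clients have no base address"))
        elif url.scheme != "https":
            findings.append((src, "not https: the F5 listens for clients on 443"))
        elif (url.hostname or "") != public_alias.lower():
            findings.append((src, "host is not the F5 DNS alias"))
    return findings


# Constructed sample notification body; hostnames are placeholders.
SAMPLE = """
<p>Your request was approved.</p>
<img alt="" src="https://appportal.example.com/ESD/Images/Customer/custom.jpg">
<img alt="" src="http://backend01.example.internal/ESD/Images/Customer/custom.jpg">
<img alt="" src="/ESD/Images/Customer/footer.jpg">
"""

if __name__ == "__main__":
    for src, reason in audit_image_sources(SAMPLE):
        print(f"{src}: {reason}")
```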


(2) Replies
Can I bother you one more time? I'm having an issue with the F5 to the backend where the home page doesn't load the welcome notification all the time. My F5 folks are asking if you can tell us what HTTP Profile you used? We may need to change ours. We are using HTTP but they're wondering if it needs to be a different profile. Attaching a screenshot