{"id":22526,"date":"2025-05-23T15:41:22","date_gmt":"2025-05-23T07:41:22","guid":{"rendered":"https:\/\/cciedump.spoto.net\/blog\/?p=22526"},"modified":"2025-05-23T15:41:25","modified_gmt":"2025-05-23T07:41:25","slug":"how-to-configure-big-ip-f5-for-ntlm-and-ssh","status":"publish","type":"post","link":"https:\/\/cciedump.spoto.net\/blog\/how-to-configure-big-ip-f5-for-ntlm-and-ssh_22526.html","title":{"rendered":"How to Configure BIG-IP F5 for NTLM and SSH?"},"content":{"rendered":"\n<h2><span class=\"ez-toc-section\" id=\"Part_1_Configuring_NTLM_Authentication_with_BIG-IP_APM\"><\/span>Part 1: Configuring NTLM Authentication with BIG-IP APM<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>BIG-IP\u2019s <strong>Access Policy Manager (APM)<\/strong> can function as an <strong>NTLM SSO authority<\/strong>, bridging domain-joined Windows clients 
into backend web apps or file shares.<\/p>\n\n\n\n<h3><span class=\"ez-toc-section\" id=\"11_Prerequisites\"><\/span>1.1 Prerequisites<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<ul><li><strong>Licensed BIG-IP<\/strong> with LTM and APM provisioned at <strong>Nominal<\/strong> or <strong>Full<\/strong>.<\/li><li><strong>Network reachability<\/strong> to Active Directory domain controllers (TCP\/UDP 389\/636, 88).<\/li><li>A <strong>service account<\/strong> in AD with permissions to create and manage computer accounts.<\/li><li>Clients must be <strong>joined to the same AD domain<\/strong> you configure in APM.<\/li><\/ul>\n\n\n\n<h3><span class=\"ez-toc-section\" id=\"12_Join_BIG-IP_to_the_AD_Domain_Machine_Account\"><\/span>1.2 Join BIG-IP to the AD Domain (Machine Account)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<ol><li><strong>Log in<\/strong> to the BIG-IP GUI as <code>admin<\/code>.<\/li><li>Navigate to <strong>Access \u2192 Authentication \u2192 NTLM \u2192 Machine Account<\/strong>.<\/li><li>Click <strong>Create<\/strong>, then enter:<ul><li><strong>Name<\/strong>: e.g. <code>ntlm-machine<\/code>.<\/li><li><strong>Domain FQDN<\/strong>: <code>corp.example.com<\/code>.<\/li><li><strong>Domain Controller FQDN<\/strong>: e.g. <code>dc01.corp.example.com<\/code>.<\/li><li><strong>Admin User<\/strong>\/<strong>Password<\/strong>: credentials of your AD service account.<\/li><\/ul><\/li><li>Click <strong>Join<\/strong>. 
After a moment, the <strong>NetBIOS Domain Name<\/strong> should auto-populate and APM will create a computer account in AD.<\/li><\/ol>\n\n\n\n<h3><span class=\"ez-toc-section\" id=\"13_Create_an_NTLM_Authentication_Configuration\"><\/span>1.3 Create an NTLM Authentication Configuration<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<ol><li>Go to <strong>Access \u2192 Authentication \u2192 NTLM \u2192 NTLM Auth Configuration<\/strong>.<\/li><li>Click <strong>Create<\/strong> and specify:<ul><li><strong>Name<\/strong>: e.g. <code>ntlm-auth<\/code>.<\/li><li><strong>Machine Account Name<\/strong>: select your <code>ntlm-machine<\/code>.<\/li><li><strong>Domain Controllers<\/strong>: add one or more FQDNs for redundancy.<\/li><\/ul><\/li><li>Click <strong>Finished<\/strong>.<\/li><\/ol>\n\n\n\n<p>This tells APM which DCs to contact when performing NTLM handshakes.<\/p>\n\n\n\n<h3><span class=\"ez-toc-section\" id=\"14_Configure_NTLM_SSO_for_Web_Applications\"><\/span>1.4 Configure NTLM SSO for Web Applications<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<ol><li>Navigate to <strong>Access \u2192 Single Sign-On \u2192 NTLM\/Kerberos \u2192 NTLM SSO<\/strong>.<\/li><li>Click <strong>Create<\/strong> and enter:<ul><li><strong>Name<\/strong>: <code>ntlm-sso<\/code>.<\/li><li><strong>NTLM Auth Config<\/strong>: select <code>ntlm-auth<\/code>.<\/li><li><strong>NTLM SSO Type<\/strong>: choose <strong>Domain Name<\/strong> or <strong>Workstation Name<\/strong> (Domain Name for browser-based).<\/li><\/ul><\/li><li>Define any <strong>URL or Hostname<\/strong> patterns if you want to restrict which sites use NTLM.<\/li><li><strong>Save<\/strong> the profile.<\/li><\/ol>\n\n\n\n<h3><span class=\"ez-toc-section\" id=\"15_Build_an_Access_Policy\"><\/span>1.5 Build an Access Policy<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<ol><li>Go to <strong>Access \u2192 Profiles\/Policies \u2192 Access Profiles<\/strong> and <strong>Create<\/strong> a new 
profile (type: <strong>Web Access<\/strong>, <strong>Portal Access<\/strong>, or <strong>Native Web<\/strong>).<\/li><li>Edit the <strong>Access Policy<\/strong>:<ul><li><strong>Start<\/strong> with an <strong>AD Auth<\/strong> or <strong>Logon Page<\/strong> item if you need a fallback.<\/li><li><strong>Insert<\/strong> an <strong>NTLM Auth<\/strong> item and bind your <code>ntlm-auth<\/code> configuration.<\/li><li><strong>Insert<\/strong> an <strong>SSO Credential Mapping<\/strong> item pointing to <code>ntlm-sso<\/code>.<\/li><\/ul><\/li><li><strong>Save<\/strong> and <strong>Publish<\/strong> the policy.<\/li><\/ol>\n\n\n\n<h3><span class=\"ez-toc-section\" id=\"16_Associate_with_a_Virtual_Server\"><\/span>1.6 Associate with a Virtual Server<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<ol><li>In <strong>Local Traffic \u2192 Virtual Servers<\/strong>, create or edit your web VIP.<\/li><li>Under <strong>Access Policy<\/strong>, select your newly created <strong>Access Profile<\/strong>.<\/li><li>Optionally assign HTTP profiles (e.g., <strong>http<\/strong>, <strong>http-redirect<\/strong>).<\/li><li><strong>Apply<\/strong> changes and test:<ul><li>From a domain-joined Windows client using IE or Edge, browse to the VIP.<\/li><li>If all is correct, the browser will seamlessly negotiate NTLM and present you as an authenticated user to the backend.<\/li><\/ul><\/li><\/ol>\n\n\n\n<h2><span class=\"ez-toc-section\" id=\"Part_2_Setting_Up_BIG-IP_as_an_SSH_Jump_Server\"><\/span>Part 2: Setting Up BIG-IP as an SSH Jump Server<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>By extending APM\u2019s <strong>Portal Access<\/strong> and <strong>WebSSH<\/strong> features, BIG-IP can proxy SSH connections\u2014effectively acting as a <strong>bastion<\/strong> or <strong>jump host<\/strong>.<\/p>\n\n\n\n<h3><span class=\"ez-toc-section\" id=\"21_Prerequisites\"><\/span>2.1 Prerequisites<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<ul><li>BIG-IP 
licensed &amp; provisioned for <strong>LTM<\/strong>, <strong>APM<\/strong>, and <strong>iRules LX<\/strong> (for advanced scripting).<\/li><li><strong>WebSSH<\/strong> package installed on BIG-IP (version 13.x+).<\/li><li>Internal SSH servers reachable from the BIG-IP data VLAN.<\/li><li>Authentication backend (LDAP\/RADIUS\/SAML) configured in APM, or Smart-Card\/CAC PKI if required.<\/li><\/ul>\n\n\n\n<h3><span class=\"ez-toc-section\" id=\"22_Create_Portal_Access_List\"><\/span>2.2 Create Portal Access List<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<ol><li>Navigate to <strong>Access \u2192 Connectivity\/VPN \u2192 Portal Access<\/strong>.<\/li><li>Click <strong>Portal Access List<\/strong>, then <strong>Create<\/strong>.<\/li><li><strong>Name<\/strong>: e.g. <code>ssh-jump-portal<\/code>.<\/li><li><strong>Virtual Server<\/strong>: select or create an APM-terminated VIP (e.g., <code>ssh-jump-vip:443<\/code>).<\/li><li><strong>Portals<\/strong>:<ul><li><strong>Type<\/strong>: <strong>Webtop<\/strong> (browser portal).<\/li><li><strong>Resource Type<\/strong>: <strong>WebSSH<\/strong>.<\/li><li><strong>Name<\/strong>: <code>SSH-Console<\/code>.<\/li><li><strong>Connection Information<\/strong>: hostname\/IP and port of the internal SSH server.<\/li><\/ul><\/li><li><strong>Save<\/strong> and <strong>Apply<\/strong>.<\/li><\/ol>\n\n\n\n<h3><span class=\"ez-toc-section\" id=\"23_Build_an_Access_Policy_for_SSH\"><\/span>2.3 Build an Access Policy for SSH<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<ol><li>Under <strong>Access \u2192 Profiles\/Policies \u2192 Access Profiles<\/strong>, <strong>Create<\/strong> or <strong>Edit<\/strong> your SSH portal profile.<\/li><li>In the <strong>Access Policy<\/strong> editor:<ul><li><strong>Logon Page<\/strong> or <strong>LDAP Auth<\/strong> for primary user authentication.<\/li><li><strong>Multi-Factor Auth<\/strong> (optional).<\/li><li><strong>Branch<\/strong> item to direct traffic to the 
<code>ssh-jump-portal<\/code> Webtop on success.<\/li><li><strong>Allow<\/strong> the WebSSH download and proxy.<\/li><\/ul><\/li><li><strong>Save<\/strong> and <strong>Publish<\/strong> your policy.<\/li><\/ol>\n\n\n\n<h3><span class=\"ez-toc-section\" id=\"24_Enable_WebSSH_Client\"><\/span>2.4 Enable WebSSH Client<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<ul><li>Ensure <strong>WebSSH<\/strong> is installed:<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code class=\"\">tmsh show sys software<\/code><\/pre>\n\n\n\n<ul><li>If missing, install via F5 support mirror or iControl REST.<\/li><li>On your <strong>ssh-jump-vip<\/strong>, under <strong>HTTP Profile<\/strong>, confirm that <strong>WebSSH<\/strong> is enabled in the <strong>HTML\/UA<\/strong> passthrough settings.<\/li><\/ul>\n\n\n\n<p>When a user connects to <code>https:\/\/ssh-jump.example.com<\/code> in a browser:<\/p>\n\n\n\n<ul><li>They authenticate via the APM policy.<\/li><li>They land on a <strong>Webtop<\/strong> showing the <code>SSH-Console<\/code> resource.<\/li><li>Clicking it launches an in-browser SSH terminal (WebSSH) to the internal host\u2014no client install needed.<\/li><\/ul>\n\n\n\n<h3><span class=\"ez-toc-section\" id=\"25_Advanced_Smart-Card_Authentication_iRules_LX\"><\/span>2.5 Advanced: Smart-Card Authentication &amp; iRules LX<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>For FIPS-level strong authentication and audit logging:<\/p>\n\n\n\n<ol><li><strong>Configure<\/strong> Smart-Card authentication under <strong>Access \u2192 Authentication \u2192 Remote-ClientCert<\/strong>.<\/li><li><strong>Import<\/strong> your PKI CA and CRLs, and bind certificates to APM login.<\/li><li>Use an <strong>iRule LX<\/strong> to inject SSH session logging headers or implement per-user authorization.<\/li><li><strong>Monitor<\/strong> logs in <code>\/var\/log\/apm<\/code> and via <strong>Analytics<\/strong> to audit SSH sessions.<\/li><\/ol>\n\n\n\n<h2><span 
class=\"ez-toc-section\" id=\"Best_Practices_Troubleshooting\"><\/span>Best Practices &amp; Troubleshooting<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<ul><li><strong>Clock Skew<\/strong>: NTLM and Smart-Card auth depend on time sync\u2014ensure NTP is configured and accurate.<\/li><li><strong>DNS Reliability<\/strong>: Both NTLM machine-account joins and SSH jump host lookups rely on DNS\u2014use redundant resolvers.<\/li><li><strong>Session Timeout<\/strong>: Define inactivity timeouts in your APM access profile to drop orphaned SSH sessions.<\/li><li><strong>High Availability<\/strong>: In HA pairs, sync your <strong>Machine Account<\/strong> and <strong>Access Policy<\/strong> configurations, and ensure Smart-Card middleware is installed identically on both units.<\/li><li><strong>Client Compatibility<\/strong>: NTLM SSO works best with Internet Explorer\/Edge and Chrome on Windows; Firefox may require explicit security zone settings.<\/li><li><strong>WebSSH Performance<\/strong>: Web-based SSH can lag under high latency\u2014consider TCP optimization profiles or using the native SSH proxy method (iRules LX) for heavier use<\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Table of Contents Part 1: Configuring NTLM Authentication with BIG-IP APM1.1 Prerequisites1.2 Join BIG-IP to the AD Domain (Machine Account)1.3 Create an NTLM Authentication Configuration1.4 Configure NTLM SSO for Web Applications1.5 Build an Access Policy1.6 Associate with a Virtual ServerPart 2: Setting Up BIG-IP as an SSH Jump Server2.1 Prerequisites2.2 Create Portal Access List2.3 Build&#8230; &raquo; <a class=\"read-more-link\" href=\"https:\/\/cciedump.spoto.net\/blog\/how-to-configure-big-ip-f5-for-ntlm-and-ssh_22526.html\">read 
more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"yoast_head_json":{"title":"How to Configure BIG-IP F5 for NTLM and SSH? - SPOTO Official Blog","description":"BIG-IP\u2019s Access Policy Manager (APM) can function as an NTLM SSO authority, bridging domain-joined Windows clients into backend web apps or file shares.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cciedump.spoto.net\/blog\/how-to-configure-big-ip-f5-for-ntlm-and-ssh_22526.html","og_locale":"en_US","og_type":"article","og_title":"How to Configure BIG-IP F5 for NTLM and SSH? - SPOTO Official Blog","og_description":"BIG-IP\u2019s Access Policy Manager (APM) can function as an NTLM SSO authority, bridging domain-joined Windows clients into backend web apps or file shares.","og_url":"https:\/\/cciedump.spoto.net\/blog\/how-to-configure-big-ip-f5-for-ntlm-and-ssh_22526.html","og_site_name":"SPOTO Official Blog","article_published_time":"2025-05-23T07:41:22+00:00","article_modified_time":"2025-05-23T07:41:25+00:00","twitter_card":"summary_large_image","twitter_misc":{"Written by":"SPOTO Club","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/cciedump.spoto.net\/blog\/#website","url":"https:\/\/cciedump.spoto.net\/blog\/","name":"SPOTO Official Blog","description":"Focus on Online IT Training for 20+ Years","publisher":{"@id":"https:\/\/cciedump.spoto.net\/blog\/#\/schema\/person\/25594d4796697ccb1ef63d55c269c638"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cciedump.spoto.net\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/cciedump.spoto.net\/blog\/how-to-configure-big-ip-f5-for-ntlm-and-ssh_22526.html#webpage","url":"https:\/\/cciedump.spoto.net\/blog\/how-to-configure-big-ip-f5-for-ntlm-and-ssh_22526.html","name":"How to Configure BIG-IP F5 for NTLM and SSH? - SPOTO Official Blog","isPartOf":{"@id":"https:\/\/cciedump.spoto.net\/blog\/#website"},"datePublished":"2025-05-23T07:41:22+00:00","dateModified":"2025-05-23T07:41:25+00:00","description":"BIG-IP\u2019s Access Policy Manager (APM) can function as an NTLM SSO authority, bridging domain-joined Windows clients into backend web apps or file shares.","breadcrumb":{"@id":"https:\/\/cciedump.spoto.net\/blog\/how-to-configure-big-ip-f5-for-ntlm-and-ssh_22526.html#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cciedump.spoto.net\/blog\/how-to-configure-big-ip-f5-for-ntlm-and-ssh_22526.html"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/cciedump.spoto.net\/blog\/how-to-configure-big-ip-f5-for-ntlm-and-ssh_22526.html#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cciedump.spoto.net\/blog"},{"@type":"ListItem","position":2,"name":"How to Configure BIG-IP F5 for NTLM and 
SSH?"}]},{"@type":"Article","@id":"https:\/\/cciedump.spoto.net\/blog\/how-to-configure-big-ip-f5-for-ntlm-and-ssh_22526.html#article","isPartOf":{"@id":"https:\/\/cciedump.spoto.net\/blog\/how-to-configure-big-ip-f5-for-ntlm-and-ssh_22526.html#webpage"},"author":{"@id":"https:\/\/cciedump.spoto.net\/blog\/#\/schema\/person\/25594d4796697ccb1ef63d55c269c638"},"headline":"How to Configure BIG-IP F5 for NTLM and SSH?","datePublished":"2025-05-23T07:41:22+00:00","dateModified":"2025-05-23T07:41:25+00:00","mainEntityOfPage":{"@id":"https:\/\/cciedump.spoto.net\/blog\/how-to-configure-big-ip-f5-for-ntlm-and-ssh_22526.html#webpage"},"wordCount":822,"commentCount":0,"publisher":{"@id":"https:\/\/cciedump.spoto.net\/blog\/#\/schema\/person\/25594d4796697ccb1ef63d55c269c638"},"articleSection":["all"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/cciedump.spoto.net\/blog\/how-to-configure-big-ip-f5-for-ntlm-and-ssh_22526.html#respond"]}]},{"@type":["Person","Organization"],"@id":"https:\/\/cciedump.spoto.net\/blog\/#\/schema\/person\/25594d4796697ccb1ef63d55c269c638","name":"SPOTO Club","image":{"@type":"ImageObject","@id":"https:\/\/cciedump.spoto.net\/blog\/#personlogo","inLanguage":"en-US","url":"https:\/\/cciedump.spoto.net\/blog\/wp-content\/uploads\/2020\/03\/spoto-facemask-96x96.jpg","contentUrl":"https:\/\/cciedump.spoto.net\/blog\/wp-content\/uploads\/2020\/03\/spoto-facemask-96x96.jpg","caption":"SPOTO Club"},"logo":{"@id":"https:\/\/cciedump.spoto.net\/blog\/#personlogo"},"description":"SPOTO is an excellent leader in IT certification training for 20+ years. We offer 100% real Cisco CCNA, CCNP exam dumps, CCIE Lab study materials, PMP, CISA, CISM, AWS, Palo Alto, and other IT exam dumps. We have helped thousands of candidates around the world to pass their IT exams on the first try! 
As the first-class online IT training organization in China, SPOTO cooperates with many giant Internet companies in China like Tencent, Baidu, and Alibaba. What\u2019s more, we have won lots of awards in IT education training such as \u201cTop Ten Influential Brands In Online Education Industry\u201d given by Baidu, \u201cOfficial IT Online Training Organization\u201d awarded by Tencent Class, etc. Join us: https:\/\/cciedump.spoto.net\/ Contact us: E-mail: support@spoto.net Phone \/ WhatsApp: +86 18344981205","sameAs":["https:\/\/cciedump.spoto.net\/"]}]}},"_links":{"self":[{"href":"https:\/\/cciedump.spoto.net\/blog\/wp-json\/wp\/v2\/posts\/22526"}],"collection":[{"href":"https:\/\/cciedump.spoto.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cciedump.spoto.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cciedump.spoto.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cciedump.spoto.net\/blog\/wp-json\/wp\/v2\/comments?post=22526"}],"version-history":[{"count":1,"href":"https:\/\/cciedump.spoto.net\/blog\/wp-json\/wp\/v2\/posts\/22526\/revisions"}],"predecessor-version":[{"id":22527,"href":"https:\/\/cciedump.spoto.net\/blog\/wp-json\/wp\/v2\/posts\/22526\/revisions\/22527"}],"wp:attachment":[{"href":"https:\/\/cciedump.spoto.net\/blog\/wp-json\/wp\/v2\/media?parent=22526"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cciedump.spoto.net\/blog\/wp-json\/wp\/v2\/categories?post=22526"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cciedump.spoto.net\/blog\/wp-json\/wp\/v2\/tags?post=22526"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}