L7 Configuration
- Last Updated: December 10, 2024
- 2 minute read
- LoadMaster
- LoadMaster LTSF
- Documentation
L7 Authentication Timeout
When configuring ESP, users can set the L7 Authentication Timeout (secs) option.
This option supports the integration with third party, multi-factor, authentication solutions which may have secondary processes such as SMS or telephone verification. This setting determines how long (in seconds) the SSO form waits for authentication verification to complete before timing out.
L7 Client Token Timeout (secs)
The duration of time (in seconds) to wait for the client token while the process of authentication is ongoing (used for RSA SecurID and RADIUS authentication). The range of valid values is 60 to 300. The default value is 120.
Include User Agent Header in User Logs
When enabled, the User Agent header field gets added to the User Logs.
Use CEF Log Format
When enabled, the ESP logs are generated in Common Event Format (CEF). CEF log format is easily consumable for Security Information and Event Management (SIEM) tools, such as; Splunk, SolarWinds, LogRhythm, AlienVault, and so on.
SSO Maximum Threads
The maximum number of allowed threads for SSO authentication attempts. The range of valid values is 64 to 1024. The default value is 128.
NTLM Proxy Mode
In LoadMaster firmware version 7.2.48.4 Long Term Support (LTS) and 7.2.53, the NTLM Proxy Mode option was added to the LoadMaster. When upgrading from an older version of LoadMaster firmware to one of these versions (or above) the NTLM Proxy Mode option is not enabled by default. As a result, you must manually enable NTLM Proxy Mode after upgrading.
For all new deployments of LoadMasters after 7.2.48.4 LTS or 7.2.53, NTLM Proxy Mode is enabled by default.
When NTLM Proxy Mode is enabled, NTLM authorization works against the Real Servers. If NTLM Proxy Mode is disabled, the old insecure NTLM processing is performed.
When NTLM Proxy Mode is enabled globally, the Client Authentication Mode in Virtual Services is called NTLM-Proxy. If NTLM Proxy Mode is disabled globally, the Client Authentication Mode in Virtual Services is called NTLM.