Skip navigation

Duo 2FA for F5 BIG-IP APM - FAQs

Last Updated: September 1st, 2018

Duo integrates with your F5 BIG-IP APM to add two-factor authentication to any VPN login, complete with inline self-service enrollment and Duo Prompt.

My WebTop users are not being prompted to reauthenticate if they close the F5 session browser tab. How can I force them to reauthenticate?

The F5 APM 11.4 may not be clearing out the WebTop session cookies correctly. Try creating an iRule to remove the cookie on the Local Traffic branch of your defined WebTop Access Policy with the following definition (in this example the name of the Access Policy is dfw_vpn):

  if { ([HTTP::uri] == "/") && [HTTP::cookie exists MRHSession ] && [ACCESS::session exists [HTTP::cookie value MRHSession]] }{

HTTP::redirect "https://[HTTP::host]/vdesk/webtop.eui?webtop=/Common/dfw_vpn_webtop&webtop_type=webtop_full"

  } elseif { [HTTP::cookie exists MRHSession] } {

  HTTP::cookie remove MRHSession



iRule Editor

Consult the BIG-IP Access Policy Manager Configuration Guide for more information about iRule creation and syntax or contact F5 support.

Additional Troubleshooting

Need more help? Try searching our F5 BIG-IP Knowledge Base articles or Community discussions. For further assistance, contact Support.