Depends on how your client handles a HTTP redirect. One way would to be bind each Traffic IP to its own Virtual Server, then use a trafficscript as appropriate on each VS ie, for the internal one: http.redirect( " http://app1.xyz.com/passthroughauthentication.htm " ); If you don't like the idea of using two Virtual Servers you could look at string.ipmaskmatch - ie, check wether the source IP address is in a private address space. Only works if your 'internal' clients use private addresses. There are other things you can do, such as have pools for specific nodes which only handle specific types of authentication and switch between the pools as required depending on the source - a bit more involved to set up though.
... View more
I'm currently evaluating Stingray as a solution for a Exchange 2013 deployment; I'm impressed with the product, however, in comparison to other products (ie from Kemp and F5) it seems lacking in features for my needs. For example, in previous releases of Exchange, Microsoft tied their own ISA/TMG into the client flow, allowing you to easily preauthenticate users at the edge of your network. Microsoft are no longer developing that product - other load balancer providers seem to have jumped on this opportunity and have offered solutions to do preauth at the edge using those products. The key features that I can't see any obvious support for are: Forms based authentication at the loadbalancer Seamless preauth for Outlook Anywhere using Kerberos Delegation (KCD or similar) Support for NTLM auth methods The F5 with their templated iApp seems to do all of the above I've seen the solution guide for Exchange 2013 but none of the above is covered there. Has anyone had any success in doing any of the above? Thanks
... View more