Tech Tip:  Target Servers with Multiple Interfaces

Discussion created by voged01 Employee on Mar 2, 2018
Latest reply on Mar 5, 2018 by pasmi02

PAM expects devices to be configured with a specific IP address or Fully Qualified Domain Name.  If your target server has multiple interfaces and you wish PAM to be able the system via any of them then you will have have to create an Enhancement Request, as an Idea in the PAM community.  It might be possible for your load balancer to direct traffic to any of the interfaces, with PAM still configured with only one device.  As a workaround, you could configure separate devices, one with each of the IP addresses.  All of these devices could then be in a Device Group, which would then be used in a policy.  This way you can make sure to use the same access methods/services regardless of which address is used.  Bear in mind that this method would count against your license for each address configured.