How to configure Cohesity F5 BIG-IP for secure, repeatable access

Most ops teams first meet Cohesity F5 BIG-IP when they realize the backup traffic is crushing their load balancer or the security team wants deeper control over who touches recovery endpoints. One handles smart data management, the other manages and protects traffic. Connecting them well means your data moves fast and your auditors rest easy.

Cohesity focuses on unified data management: backup, recovery, and archival workflows across clouds and data centers. F5 BIG-IP is the trusted gatekeeper in front of that data, routing traffic with SSL termination, access control, and observability. Together, they deliver a balance of resilience and control that most modern infrastructure teams crave.

The integration is straightforward conceptually. You use F5 BIG-IP as the external traffic controller for Cohesity clusters, defining virtual servers and pools that map to Cohesity nodes. TLS termination happens on the BIG-IP tier, where you can integrate with corporate identity providers like Okta or Azure AD using SAML or OIDC. From there, traffic to Cohesity APIs and UIs can be restricted to identity-aware roles, giving you strong perimeter security and fine-grained logging.

If you care about performance, use BIG-IP’s TCP optimization profiles for backup streams. That avoids choppy throughput when Cohesity pushes large data sets. For high availability, map separate health monitors to each Cohesity service port. If one node hiccups, BIG-IP resumes traffic to healthy peers without affecting restore jobs.

A quick tip when troubleshooting integration: check session persistence policies. Cohesity’s UI and API use distinct cookie paths, so persistence must mirror that logic to avoid broken sessions for authenticated users. Updating certificates directly on BIG-IP also saves time during key rotation cycles, sparing you multiple re-deployments across Cohesity clusters.

Key benefits of combining Cohesity and F5 BIG-IP

• Unified identity and access management for data recovery endpoints
• Consistent encryption and inspection policies across all traffic
• Faster disaster recovery testing through load-balanced restores
• Centralized auditing that satisfies SOC 2 and ISO compliance requirements
• Simplified certificate updates and reduced manual toil for admins

For developers, this integration cuts friction. No more manual firewall exceptions or bouncing between admin panels for permissions. Backup APIs live behind one predictable entry point. Teams gain real developer velocity because environments stay consistent across staging and production.

Platforms like hoop.dev turn those access rules into guardrails that enforce policy automatically. When BIG-IP calls Cohesity APIs, hoop.dev can broker identity-aware connections that validate JWT claims, ensuring that backups, restores, or automation jobs always run under traceable, least-privilege tokens.

How do I connect Cohesity and F5 BIG-IP securely?
Deploy your Cohesity cluster, then configure virtual servers on F5 BIG-IP pointing to Cohesity service ports with SSL profiles. Integrate identity providers for SSO, enable health monitors, and verify that persistence profiles align with session cookies. This preserves both performance and authentication consistency.

The pairing works best when treated as a living system: identity at the edge, intelligence in the core, and no unnecessary manual steps in between.

See an Environment Agnostic Identity-Aware Proxy in action with hoop.dev. Deploy it, connect your identity provider, and watch it protect your endpoints everywhere—live in minutes.