Yes, you sure can. Single-sign-on is all the rage these days, and why not, it makes life a lot easier (and more secure) for users. We absolutely support load balancing ADFS through the load balancer. In fact, it is actually quite easy.
The only port you typically need is 443 for your SSL traffic. If you have a redirect from HTTP to HTTPS, you could add port 80 as well, but we don’t see that very often, so only add it if absolutely necessary. You can use the “SSL” protocol if you upload a SSL Certificate, or if you simply want SSL pass-through for quick-and-easy setup, use “SSL_BRIDGE” instead.
When it comes to monitoring, a simple ping is not what most people want. In fact, today’s sharp security managers often disable ICMP completely. In that case, you may want to create an HTTP monitor that looks at a specific URL for the HTTP 200 response code. Below are a few links to try out. Insert your IP or host name and paste it into your browser. If they work, create a monitor for one of them:
This seems to be the preferred method if it is available to you. There is a built-in probe in ADFSv3 that will spit back a HTTP 200 response code, and you don’t even have to use SSL. If your install supports this, we think it is the easiest way to go. Here is a quick image of an HTTP monitor (both the standard parameters tab and the special parameters tab) for your easy configuration reference:
If that URL does not work for you, here are two other options you can look at. For both, we suggest an HTTP monitor with “secure” checked and using port 443.
If you run into any issues at all, please reach out to support or your technical account manager. We’ve helped several clients and we are more than willing to help you with this too!
One last tip. If you’re tacking ADFS for the first time, there is a really helpful article here.