WAAP¶
Attention
If you are on F5 VPN, please disconnect before doing this lab, as there are firewalls used on the VPN that can skew the results of some of the commands that are run to trigger WAF/DoS/Bot events
F5’s Distributed Cloud SaaS Web Application Firewall (WAF) can help you mitigate application threats with an updated WAF engine that inherits the shared capabilities of F5 BIG-IP Advanced WAF, and NGINX App Protect.
During this hands-on lab you will learn about the following:
F5’s Distributed Cloud Platform for providing edge WAF and DDoS protection
Updates to F5’s Distributed Cloud WAF engine that is powered by F5’s Advanced WAF engine
Hands-on lab of deploying F5’s Distributed Cloud WAF
Protecting existing Public IP resource via F5’s Distributed Cloud WAF
Deploying F5’s Distributed Cloud WAF into a cloud provider network (AWS) to protect internal Private IP resources via F5 Distributed Cloud WAF
Lab Environment¶
During this lab you will be using the dedicated F5 Distributed Cloud f5-consult tenant for Professional Services (access to the environment was completed during the Getting Started exercise).
The exercises in this lab will explore different methods of protecting and exposing the applications/web servers in this environment
The lab will be using a shared AWS account with 3 EC2 instances where we have deployed the following resources:
Public EC2 Instance with an Elastic IP attached to a web server (”Public Endpoint”)
Private EC2 Instance attached to a web server that only has a private IP address (”Private Endpoint”)
F5 Distributed Cloud Mesh Instance will be used to connect to AWS VPC (interface/ENI on both public/private subnets)
“Private Endpoint” will use F5 XC Mesh Instance for NAT GW
Note
There are also public/private DNS records that have been created for these instances.