Integration of WAF Silverline with existing system ( GTM & LTM )

Question

In our setup request for website sites first goes to the DNS server which is having a NS as GTM and then request hits at GTM and gets the IP of LTM which is avilable across the data center .&nbsp;
In this scenario who we can use web application firewall (WAF) in proxy mode .&nbsp;

luke_lehman_552 · Answer

Hi Govind - if I understand you correctly, you're asking how you could place Silverline WAF in front of your application that resides behind a LTM that is in your data center?&nbsp;
If so, you could utilize Silverline WAF in the following:&nbsp;
When setting up Silverline WAF, you'd assign your LTM's externally reachable IP address for the applicationYou'll be provided a front-end IP address from Silverline to use.You'd put that front-end Silverline IP Address in your GTM as the address used to reach the application.
So it would follow this sort of approach:&nbsp;
External Address of your application that you could go to directly: 100.100.100.100
Front-End IP from Silverline: 200.200.200.200
How'd you configure GTM: Use 200.200.200.200&nbsp;
Traffic Flow:&nbsp;
DNS Request for DNS Response from GTM: 200.200.200.200Client Request to 200.200.200.200Silverline Receives Request; Performs WAF Functionality; forwards request to 100.100.100.100Response from application flows back through Silverline to Client
Let me know if that was what you were after or not.&nbsp;
Thanks!&nbsp;
Luke&nbsp;

govind_32899 · Answer

Thanks Mr Luke Lehman for your response . I will just explain my setup . We have Two DC and each DC hosting pair of LTM &amp; Standalone GTM . &nbsp;
When User Request say   it hits DNS ( Which is Hosted Somewhere in Cloud say GO Daddy ) which then delegates the NS service to GTM by using the subdomain .Once request reaches the GTM it searches for Available LTM VIP .&nbsp;
We are using SNI for the VIP .&nbsp;

govind_32899 · Answer

Thanks for your Answer . &nbsp;
Current traffic flow :
DNS Request for &nbsp;
DNS Response from Public DNS to delegate the request  GTM ( NS )  
&nbsp;
GTM Selects the available LTM IP and send the request back to User &nbsp;
User sends request  to LTM directly and then normal LTM flow starts .&nbsp;
What approach we need to put if we are integrated with Silverline . If we can directly configure LTM IP in silver line then we no more require GTM . Kindly confirm as we are delegating DNS query to GTM at the moment.&nbsp;
Can you share the call flow that will be very valuable   
&nbsp;

luke_lehman_552 · Answer

Integrating Silverline in front of your data centers does provide the ability to check which DCs are available and load balance the traffic as necessary.  I don't want to undervalue GTM though as it still has a ton of value-add.&nbsp;
One thing that you could do is leverage GTMs Topology capabilities, to do some testing.  For example, when you were trying out Silverline, you could create the necessary topology config to reply to only your machine's DNS queries to the Silverline Proxy IP (which would then LB to  one of your 2 DCs).&nbsp;

govind_32899 · Answer

Thanks a lot for your clarification . In this scenario i need to remove the GTM from the picture as you said silverline can check which DCs are available and load balance the traffic as necessary.

Forum Discussion

Integration of WAF Silverline with existing system ( GTM & LTM )

10 Replies

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

Silverline DDoS capabilities are now available in F5 Distributed Cloud

Making Mobile SDK Integration Ridiculously Easy with F5 XC Mobile SDK Integrator

Introducing App Proxies for F5 Silverline

Integrating SSL Orchestrator with McAfee Web Gateway-Transparent Proxy

Silverline DDoS Architecture