Forum Discussion
10 Replies
- Luke_Lehman_552 (Historic F5 Account)
Hi Govind - if I understand you correctly, you're asking how you could place Silverline WAF in front of your application that resides behind an LTM that is in your data center?
If so, you could utilize Silverline WAF in the following way:
- When setting up Silverline WAF, you'd assign your LTM's externally reachable IP address for the application.
- You'll be provided a front-end IP address from Silverline to use.
- You'd put that front-end Silverline IP Address in your GTM as the address used to reach the application.
So it would follow this sort of approach:
- External Address of your application that you could go to directly: 100.100.100.100
- Front-End IP from Silverline: 200.200.200.200
- How you'd configure GTM: Use 200.200.200.200
Traffic Flow:
- DNS Request for
- DNS Response from GTM: 200.200.200.200
- Client Request to 200.200.200.200
- Silverline Receives Request; Performs WAF Functionality; forwards request to 100.100.100.100
- Response from application flows back through Silverline to Client
Let me know if that was what you were after or not.
Thanks!
Luke
- Govind_32899 (Nimbostratus)
Thanks, Mr Luke Lehman, for your response. I will just explain my setup. We have two DCs, each hosting a pair of LTMs & a standalone GTM.
When a user request comes in, it hits DNS (which is hosted somewhere in the cloud, say GoDaddy), which then delegates the NS service to GTM by using the subdomain. Once the request reaches the GTM, it searches for an available LTM VIP.
We are using SNI for the VIP.
- Govind_32899 (Nimbostratus)
Thanks for your answer.
Current traffic flow: DNS Request for
DNS response from public DNS to delegate the request to GTM (NS)
GTM selects the available LTM IP and sends the request back to the user
User sends the request to the LTM directly and then the normal LTM flow starts.
What approach do we need to take if we are integrated with Silverline? If we can directly configure the LTM IP in Silverline, then we no longer require GTM. Kindly confirm, as we are delegating DNS queries to GTM at the moment.
Can you share the call flow? That will be very valuable.
- Luke_Lehman_552 (Historic F5 Account)
Integrating Silverline in front of your data centers does provide the ability to check which DCs are available and load balance the traffic as necessary. I don't want to undervalue GTM though as it still has a ton of value-add.
One thing that you could do is leverage GTM's Topology capabilities to do some testing. For example, when you were trying out Silverline, you could create the necessary topology config to reply to only your machine's DNS queries with the Silverline Proxy IP (which would then LB to one of your 2 DCs).
- Govind_32899 (Nimbostratus)
Thanks a lot for your clarification. In this scenario I need to remove the GTM from the picture, as you said Silverline can check which DCs are available and load balance the traffic as necessary.