F5 Distributed Cloud WAF on Customer Deployment Mode Azure

This deployment mode is deal for scenarios where backend applications are inaccessible from the internet, lacking a Fully Qualified Domain Name (FQDN) or Public IP. 

It offers a secure and private connection to these applications, ensuring maximum security and privacy. 

In this case, Customer Edge sites can be deployed to connect private customer sites to the Distributed Cloud Global network via IPSEC tunnels opened from Distributed Cloud Customer Edge to the closest two Regional Edge sites. This enables a secure and private connection to the backend applications. 

In this lab, your focus will be to deploy an Azure Kubernetes cluster with a NodePort and attach a NodePort as a source to the F5 HTTPS Load Balancer. The F5 HTTPS Load Balancer will reach the Azure Kubernetes cluster using the IPSEC tunnel created through the F5 Azure Vnet Site. 

All components will deploy using Terraform. F5 HTTPS Load Balancer traffic will then be forwarded across the Distributed Cloud Global Network towards an egress Regional Edge and then over an IPSEC tunnel to the Customer Edge site, where it will be forwarded to the backend application as pure IP-based traffic. 

• Gain expertise in deploying multi-tier application on Azure and F5 Distributed Cloud using Terraform, ensuring seamless integration and automation. 
• Learn to integrate F5 Distributed Cloud with Azure Kubernetes Services (AKS) to securely manage traffic to and from containerized applications, ensuring enhanced security and scalability. 
• Master the configuration of IPSEC tunnels for private communication between Azure Kubernetes clusters and F5 Distributed Cloud, enabling secure and reliable data exchange. 
• Explore the advanced capabilities of F5 Distributed cloud, including: 
  • Web Application Firewall (WAF) for robust security. 
  • Bot protection to prevent malicious traffic API Protection for secure API interactions SSL Termination for encrypted data transmission. 
  • implement robust security mechanisms, including Layer 3 (L3) and Layer 7 (L7) DDoS protection, to safeguard your applications from cyber threats. 
• Achieve a comprehensive understanding of deploying and securing containerized applications on Azure Kubernetes Services, leveraging F5 Distributed Cloud's advanced features to ensure a secure, scalable and highly available infrastructure. 

• Azure Account 
• Azure Kubernetes Service 
• F5 Web Application Firewall 
• F5 HTTPS Load Balancer 
• F5 Azure Vnet Site 
• F5 Cloud Credentials