F5 Distributed Cloud WAF on Customer Deployment Mode Azure
Advanced Configuration Lab
Solution overview
This deployment mode is ideal for scenarios where backend applications are inaccessible from the internet because they lack a Fully Qualified Domain Name (FQDN) or public IP.
It offers a secure and private connection to these applications, ensuring maximum security and privacy.
In this case, Customer Edge sites can be deployed to connect private customer sites to the Distributed Cloud Global network via IPSEC tunnels opened from Distributed Cloud Customer Edge to the closest two Regional Edge sites. This enables a secure and private connection to the backend applications.
In this lab, your focus will be to deploy an Azure Kubernetes cluster with a NodePort and attach a NodePort as a source to the F5 HTTPS Load Balancer. The F5 HTTPS Load Balancer will reach the Azure Kubernetes cluster using the IPSEC tunnel created through the F5 Azure Vnet Site.
All components are deployed using Terraform. F5 HTTPS Load Balancer traffic is then forwarded across the Distributed Cloud Global Network to an egress Regional Edge and over an IPSEC tunnel to the Customer Edge site, where it is forwarded to the backend application as pure IP-based traffic.