F5 Distributed Cloud WAF on Regional and App Connect Deployment Mode
Advanced Configuration Lab
Solution overview
This deployment model offers an optimal solution for scenarios where backend applications are inaccessible from the internet, lacking a Fully Qualified Domain Name (FQDN) or Public IP.
In this case, Customer Edge sites can be deployed to connect private customer sites to the Distributed Cloud Global Network via IPsec tunnels opened from the Distributed Cloud Customer Edge to the two closest Regional Edge sites.
In this lab, your focus will be to deploy an Azure VM with a Private IP and attach a Private IP as a source to the F5 HTTPS Load Balancer. The F5 HTTPS Load Balancer will reach the Azure VM using the IPsec tunnel created through the F5 Azure VNET Site.
All components will be deployed using Terraform. F5 HTTPS Load Balancer traffic will then be forwarded across the Distributed Cloud Global Network towards an egress Regional Edge and then over an IPsec tunnel to the Customer Edge site, where it will be forwarded to the backend application as pure IP-based traffic.