BIG-IP Next Central Manager (CM) represents the next-generation management suite for the new BIG-IP OS across hardware and software instances. It provides simplified lifecycle and configuration management across F5 BIG-IP Next fleets, a concept not covered in this lab. Two primary methods for managing BIG-IP Next instances via Central Manager software are through a web browser-based portal or via API-based templates. This lab will use the UI.

Description F5 BIG-IP Next is the next generation of BIG-IP software built to reduce operational complexity, improve performance, strengthen security, and enhance observability, carrying forward the comprehensive suite of advanced BIG-IP TMOS functionality developed over the past 20 years. BIG-IP Next introduces a centralized, API-centric, and automation-friendly framework, making it faster and easier for DevOps, NetOps, and SecOps teams to deploy and manage critical application services. This lab is built with the latest technology in learning platform delivery.

F5 BIG-IP Next is the next generation of BIG-IP software built to reduce operational complexity, improve performance, strengthen security, and enhance observability, carrying forward the comprehensive suite of advanced BIG-IP TMOS functionality developed over the past 20 years. BIG-IP Next introduces a centralized, API-centric, and automation-friendly framework, making it faster and easier for DevOps, NetOps, and SecOps teams to deploy and manage critical application services. This lab is built with the latest technology in learning platform delivery.

Systems are at higher risk without a concerted, repeatable application security configuration process. In this lab, you will learn how to build a declarative AWAF policy and achieve OWASP Top Ten (2021) compliance with the BIG-IP OWASP Compliance Dashboard. A complete CI/CD pipeline is used to deploy our AWAF policy to the BIG-IP system using Application Services 3 Extension (AS3) and Ansible.

Several of the fundamental principles of F5 Distributed Cloud (XC) are highlighted in this lab environment. You will be simulating a customer during the lab who needs to verify the safety of an application. The objective is to verify the applications safety of on-premises or application on cloud before and after enabling F5 Distributed Cloud Console WAAP Capabilities by sending attacks to the application.

Welcome to the F5 Distributed Cloud (XC) with Customer Edge Deployment mode This lab, presented by WWT and powered by F5 vesctl command line tool, will guide you through aspects of managing configuration within AWS, Kubernetes using F5 Distributed Cloud (XC) in Customer Edge deployment mode. This hands-on experience guides you through deploying a multi-cloud application across AWS, which is accessible via Private IP through an F5 By harnessing the capabilities of the F5 HTTPS Load Balancer, routing traffic within AWS environments privately.

F5 BIG-IP Next is the next generation of BIG-IP software built to reduce operational complexity, improve performance, strengthen security, and enhance observability, carrying forward the comprehensive suite of advanced BIG-IP TMOS functionality developed over the past 20 years. BIG-IP Next introduces a centralized, API-centric, and automation-friendly framework, making it faster and easier for DevOps, NetOps, and SecOps teams to deploy and manage critical application services. This lab is built with the latest technology in learning platform delivery.

F5 Distributed Cloud WAF deployed on Regional Edge and App Connect Deployment mode. This deployment model offers an optimal solution for scenarios where backend applications are inaccessible from the internet, lacking a Fully Qualified Domain Name (FQDN) or Public IP. In this case Customer Edge sites can be deployed to connect these "private" customer sites to the XC Global Network via IPSEC tunnels opened from Distributed Cloud Customer Edges to the closes two REs sites. Distributed Cloud WAF is deployed on the Regional Edges, where the services are being advertised to the Internet through anycast IPs. Customer Edges are being deployed on the customer sites and connect to the closest RE and traffic will be inspected by the WAAF security policy. The traffic will then be forwarded across the distributed cloud global network towards an egress Regional Edge and then over an IPSEC tunnel to the Customer edge site where it will be forwarded to the backend applications as pure IP-based traffic.

This deployment mode is ideal for protecting backend applications that require direct internet traffic with no intermediary processing, ensuring maximum security and privacy. It's also suitable for local traffic scenarios where all traffic originates and terminates within the same customer site. In this mode, XC WAF is configured on the Customer Edge (CE) devices deployed at the customer's premises. In this case Azure Kubernetes cluster acted as customer's premises. End-users connect directly to the CEs, bypassing the XC Global Network. Meanwhile, the CE sites remain managed through the XC Cloud-based console ensuring centralized control and visibility.

In this lab, users will experience F5 Distributed Cloud Web App and API protection (WAAP), where organizations can simplify their path to effective security without sacrificing continued business innovation and customer demand. An API-driven approach to application protection enables improved collaboration between networks, security operations, and developers. This lab will use Terraform to deploy a Web App and API protection solution that protects an existing application

This WWT Lab will provide a hand on experience of F5 Distributed Cloud WAF deployed on Regional Edge in deployment mode. This deployment mode is better suited when protecting backend applications which are already public accessible from the internet via FQDN or Public IP. F5 Distributed Cloud WAF is deployed on the Regional Edges, where the services are being advertised to the internet through anycast IPs. The end users will connect to their closest Regional Edge and the traffic will be inspected by the WAF security policy. The traffic will then be forwarded across the XC Global Network towards an egress Regional Edge and then towards the customer site as regular internet traffic. The customer will filter the traffic, only allowing traffic forwarded by the XC platform.