F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

PhilJones's avatar
PhilJones
Icon for Nimbostratus rankNimbostratus
Jun 14, 2021

Active Active Advanced WAF behind Azure LB Best Practice

Hi Hope someone can help me. I'm trying to work out the best configuration for our use case - 50 + web applications bound on SSL on a active / active Advanced WAF cluster behind an Azure Load Balan...
1 NIC
active active
ASM Advanced WAF
Azure
cloud
Daniel_Wolf's avatar
Daniel_Wolf
Icon for MVP rankMVP
Jun 15, 2021

On a green field, I'd probably use the F5 DNS Load Balancer Cloud Service to load balance between two AdvWAF load balancers.

For the case of single NIC or n-NIC deployments, I'd suggest to use a single NIC deployment and to use a LTM Traffic Policy that will assign a Security Policy, Pool and whateverelse based on the Host Header value. Or for more granularity on Host Header and URI.

For SSL profiles you should use SNI.

Important question to solve is - how do you keep the config in sync?

 

I'd not bother users with learning multiple ports for multiple web apps. That's torture.

 

And I strongly recommend against using F5 Cloud Failover Extension. In my opinion there is no good reason to run an expensive instance in Azure or AWS in standby. That stuff is expensive, hence it should be active.