Forum Discussion

starboy's avatar
starboy
Icon for Cirrus rankCirrus
Jul 23, 2024

Advanced WAAP

Hi all 

We are going to acquire the Big-IP Advanced WAF for traffic initiated from web servers to application servers. As an assignment, I need to clarify one thing: some of the servers don't use a three-tier architecture, meaning all web, application, and database servers are on the same VLAN. Is it possible for the Advanced WAAP to intercept traffic initiated from web to app in this use case, or must we first separate into a three-tier architecture? If there is a workaround, I need your assistance.

Thanks,

  • Having all components in the same VLAN doesn't make the application mono-tier, if you see it from the higher layers perspective. You still have different components to serve different functionalities.

    So the answer is yes, you can have your F5 WAF between the web and the app servers. Basically, you'll just need to activate source address translation so that the return traffic goes through the F5