Forum Discussion
AltocumulusF5 XC and Azure FrontDoor
Hi all,
I would like to ask for some advice how to configure application behind Azure FrontDoor on F5 XC solution.
As Azure FD required valid SSL certificate to forward traffic we used on BIG-IP workaround with "WAF domain" where valid certificate was used and we were able to connect to the application from FD via AWAF.
XC create DNS for virtual host (loadbalancer) in format ves-io-uuid.ac.vh.ves.io but address has not valid SSL certificate so FD is not able to connect.
Does someone has certain experiences with such implementation?
Another question is how do you recognize clients in such cases? Especially when one domain is behind Azure FD or another CDN and another is not. By default client is recognized by IP address so in case that traffic is forwarded via CDN/FD we need to change User Identifier from "Client IP Address" to different object, for example some header. But what about application what is not behind CDN. How it will be recognized? Can I combine it somehow on one vhost (loadbalancer)?
Thank you.
5 Replies
- Injeyan_Kostas
Cumulonimbus
I am confused who sends traffic to whom?
Frond Door to XC or XC to Frond Door?
JaZyClient -> FD -> XC -> Origin
- Injeyan_Kostas
Ok about Certificate, you have to use a new domain or subdomain in XC for which you will have a valid certificate in order Front Door to be able to send traffic to.
For clients identification indeed you need CDN to inject a header. But as of course this header might not be present in apps not using CDN, you have to use different load balancers.
