Forum Discussion
Integration of WAF Silverline with existing system ( GTM & LTM )
Thanks, Mr. Luke Lehman, for your response. I will just explain my setup. We have two DCs, each hosting a pair of LTM and a standalone GTM.
When a user request hits DNS (which is hosted somewhere in the cloud, say GoDaddy), it then delegates the NS service to GTM by using the subdomain. Once the request reaches the GTM, it searches for an available LTM VIP.
We are using SNI for the VIP.
- Govind_32899 Sep 11, 2017
Nimbostratus
Thanks for your answer.
Current traffic flow: DNS Request for
DNS response from public DNS to delegate the request to GTM (NS)
GTM selects the available LTM IP and sends the request back to the user
User sends request to LTM directly and then normal LTM flow starts.
What approach do we need to take if we are integrated with Silverline? If we can directly configure the LTM IP in Silverline, then we no longer require GTM. Kindly confirm, as we are delegating DNS queries to GTM at the moment.
Can you share the call flow? That will be very valuable.
- Luke_Lehman_552 Sep 11, 2017 Historic F5 Account
Integrating Silverline in front of your data centers does provide the ability to check which DCs are available and load balance the traffic as necessary. I don't want to undervalue GTM though as it still has a ton of value-add.
One thing that you could do is leverage GTM's Topology capabilities to do some testing. For example, when you were trying out Silverline, you could create the necessary topology config to reply to only your machine's DNS queries to the Silverline Proxy IP (which would then LB to one of your 2 DCs).
- Govind_32899 Sep 11, 2017
Nimbostratus
Thanks a lot for your clarification. In this scenario I need to remove the GTM from the picture, as you said Silverline can check which DCs are available and load balance the traffic as necessary.
- Govind_32899 Sep 11, 2017
Nimbostratus
Hello Luke. Thanks for your timely help. We will be using Priority Group Activation (PGA) in Silverline and redirect all users to Silverline to use the proxy service, which in turn forwards requests to the LTM in the DC.
We will remove GTM from the middle. Hopefully we will try to find a solution by which we can accommodate GTM in between, but as of now we have no option. If you find any, then kindly share.
I would like to accept the answer you provided.
- Govind_32899 Sep 12, 2017
Nimbostratus
Hello Luke, do you think of any SNI-like feature in Silverline?
- Luke_Lehman_552 Sep 13, 2017 Historic F5 Account
Hi Govind,
We support SNI in Silverline.
See this Silverline KB entry for more details: https://support.f5silverline.com/hc/en-us/articles/219864747-Hosting-Multiple-SSL-Domains-Behind-One-Proxy-Service-Name-Indication-or-SNI-
It sounds like you have a Silverline account, maybe POC? If you do, you could ask any other Silverline / SNI questions with our Security Operations Center expert analysts.
If you do not, I'm happy to help out here :)
Thanks!
- Govind_32899 Sep 14, 2017
Nimbostratus
I don't have a Silverline account, so I am unable to open the KB.
I am mainly deploying LTM/GTM stuff. Silverline configuration is handled by some other team.
We had issues in the deployment, as we were using cookie persistence in LTM, so when we integrated Silverline we had a connection error. In this case, do we need to set the HTTP cookie as passive in Silverline to avoid double insertion of cookies by both F5 and Silverline?
Any help in this regard will be highly appreciated. With this I would like to thank you for the help.
- Luke_Lehman_552 Sep 15, 2017 Historic F5 Account
Gotcha - I would highly recommend that the other team that you mentioned work with our SOC (Security Operations Center) - they are great to work with and will be able to provide you with the best answers - and much quicker than I can :)
Thanks!