Dayesh_263997
Mar 05, 2019Nimbostratus
LTM-WAF Integration query
Hello All,
We are planning to integrate WAF (Radware) in our network setup for the web servers.
We are thinking of 2 options for WAF implementation:
Option 1 : Client IP --> Ext FW (NAT for F5 VIP)-L3-> ACI --L3-> (VIP)F5--(SNAT on F5)L3--> WAF (SNAT on WAF) --> (VIP)F5 --L3-->ACI--> F5--L3--> Webserver.
Option2 : Client IP --> Ext FW (NAT for F5 VIP)-L3-> ACI --L3-> (VIP)F5--> WAF(WAF as L2) ---> Webserver.
Please confirm what is the right approach to integrate WAF into this setup. Note : Every endpoint (Webserver, LTM Internal/External Leg , WAF ) has a gateway on ACI Fabric.
Role of F5 : To do the load balancing across Web servers, SSL offloading etc.
Role of WAF : to perform L4-L7 functions.
Thanks.
Dayesh