AltostratusHi All
There are many other security product OEMs also provide Benchmark documents to configure their products to get maximum security or maximum utilization which leads to maximum profit for the user.
My query is, does F5 provide Benchmark documents for their product like Advanced WAF or Big-IP etc.". If yes, can anyone give me the link where I can check or download to use those?
MVPthis is another one of those "depends" on what you are looking for questions.
this is best answered via -a f5 sales rep / sales engineer combination as decision will need to be made all of which can alter the solution.
i.e. - is the physical equipment ( on prem / colocation)? Is this virtual equipment (vmware / cloud/ vcmp). all of which have limitations that can be found
https://www.f5.com/pdf/products/big-ip-platforms-datasheet.pdf
https://www.f5.com/pdf/products/big-ip-virtual-editions-datasheet.pdf
What modules do you plan on using? How many vips do you plan on configureing?
The f5 is a swiss army knife of an IT tool set, it can do a amazing amount of work, but if its not properly spec'd out, you can end up as an unsatisfied customer. A good sales team is your best option.
AltostratusThanks for the reply.
After discussing it with your marketing team, I already got the physical appliance, but now I need to prepare benchmark documents for compliance. Do you know any document where I can find the configuration benchmark for the F5 WAF?
MVPIts less about the WAF - and more about what appliance you have deployed and how much resources it has- and how you plan on using it.
There are those that are using small appiances like a i2600 with AWAF, others with a i15000 and others that are using 8slot viprions. These can be clustered to provide even more thruput as needed.
Other factors include: Are you in transparent mode or blocking mode? are you using traditional syslog or HSL? What is your network configuration GB, 10GB, teamed? Is your appliance on a stick? What components of AWAF are you deploying - IPI? BOT? ddos, layer4 detections - layer7 detections, Signatures only, threat campains, geoblocking, Datagard etc. What kind of cert are you using 2k - 4k other? What kind of normal user load are you expecting 1000pps, 10,000pps? Will the f5 be on the edge - will there be a firewall in front? will there be any layer3/4 mitigations.
FWIW - I deployed WAF before i deployied IPI. Lesson learned:
WAF did its job -and the appliances were very busy inspecting packets and doing waf like things....
Once i deployed IPI , the appiance dropped over 70% of traffic BEFORE waf inspection. This resulted in much less resources consumed, and provided the needed CPU to process more WAF requests.
Any vendor that provides a "configuration bench mark" - without defineing the hardware used -and the configuration deployed is providing bad data. The real information that is needed is what is YOUR baseline before - and what are you deploying hardware and configuration --then what is the baseline AFTER.
EmployeeCertainly! When configuring, make use of the implementation guide located in the MyF5 Knowledge Center for step-by-step instructions.
For example, for BIG-IP ASM, you can use https://techdocs.f5.com/en-us/bigip-17-0-0/big-ip-asm-implementations.html
Similarly, you can look for the other modules too.
AltostratusThanks for the reply.
I need WAF configuration benchmark documents.