For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Centralizing Cloud Security with F5 and AWS Transit Gateway

Today we were fortunate to be a launch partner of AWS for their newly announced Transit Gateway feature, known as TGW. We've had the opportunity to get our hands on TGW while it's been in private ...
Published Nov 27, 2018
Version 1.0
application delivery
aws
BIG-IP
cloud
dragonflymr's avatar
dragonflymr
Icon for Cirrostratus rankCirrostratus
Dec 03, 2018

Hi,

 

Thanks for sharing info about TGW. I am not AWS pro so I have some questions:

 

  1. Would it be impossible to create setups described in article without TGW or it will be just much more complicated?
  2. I have issue with understanding this sentence: "We then configured global route rules within our TGW to route all inbound traffic through this VPC, ensuring that this traffic would flow through the AWAF farm before making it on to its final destination, regardless of which AWS region/VPC the VM resided in." - looking at the diagram traffic from Internet has to pass via Security VPC anyway. TGW is located behind Security VPC so routes in TGW are rather assuring that traffic leaving Security VPC will be routed to web server instance in the correct VPC as well (but I am not sure here) that returning traffic from vweb server will pass AWAF on the way back to Internet - or I am completely wrong here?
  3. What is purpose of AWS WAF with F5 rule set (I have some idea what F5 rule set is) - what is protected by AWS WAF in this case - seems that not backend web servers as those are protected by F5 AWAF.

Piotr