Securing Azure Web Apps with the BIG-IP

With the recent release of the BIG-IP virtual edition for Azure enterprises can now take advantage of F5’s various services, (WAF, multi-factor authentication, endpoint inspection, etc.) to securely ...
Published Dec 30, 2015
Version 1.0
BIG-IP
cloud
iRules
microsoft
microsoft azure
Rama75_306110's avatar
Rama75_306110
Icon for Nimbostratus rankNimbostratus
Feb 02, 2017

Thank you very much for a very detailed writeup, i have one question on this i see that you are using a external ILB in the ASE which gives the FQDNS as external (*.p.azurewebsites.net).

 

And the recommendation is to use SSL bridging because the data flows through internet.

 

We have a requirement to use SSL offloading on the F5/WAF to read the traffic and use internal type ILB in the ASE so that it gives us an option of custom domain with an internal IP in the VNET of azure . In this scenario do you suggest to use SSL bridging. Basically trying to understand if a man in the middle attack can occur if we use SSL offloading + Internal type ILB on the ASE + VNET. We are using the F5's and WAF before the ASE.

 

Appreciate your response on this.