Help
Technical Articles
F5 SMEs share good practice.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

Easily Protect Your Applications from DDoS with F5 Distributed Cloud DDoS Auto-Mitigation

Ted_Byerly
Legacy Employee
Legacy Employee

on ‎08-Feb-2023 05:00 - edited on ‎10-Apr-2023 13:59 by Community Manager

Introduction:

F5 Distributed Cloud DDoS Mitigation leverages a globally secured network with Regional Edges (RE), hosted in scrubbing data centers, interconnected across a dedicated, multi-terabit, redundant, private backbone, operated by Tier 1 Carriers.

There have been several articles written about F5 Distributed Cloud (XC) DDoS and how to quickly protect your applications using this service. These covered Fast ACL’s to quickly protect yourself from Layer 3 and Layer 4 Network attacks and Layer 7 protection of your applications. I will link to those below.

These solutions took manual configuration and monitoring and are still necessary for a complete layered approach to protecting your applications.

This article will show how we continue to make DDoS and the configuration easier by introducing you to F5 XC DDoS Auto-Mitigation feature.

The platform itself offers immediate mitigation through our auto-mitigation edge protection (Layer 3/4). This architectural enhancement sits at the edge of our network and the underlying strength of this solution stems from it’s incredibly fast Time to Mitigate (TTM) the most common attack vectors.

Then to make this solution even more robust, I am going to show you how to add that same feature, protecting your application at Layer 7.

Screen Shot 2023-01-25 at 10.12.37 AM.png

Configuration:

This article will assume you have a F5 Distributed Cloud Console Account and have already configured a HTTP Load Balancer that is protecting an application.

  • Log In:

Screen Shot 2023-01-24 at 3.37.40 PM.png

  • Select Load Balancers
image.png
  • Verify the correct Namespace

I currently have 3 Load Balancers to choose from, your environment may be different.

  • Click the 3 ellipses on the right side of the page of the Load Balancer you wish to add DoS Protection to.

DDoS_2.png

 When the fly-out appears, select Manage Configuration.

DDoS_3.png

Notice along the left side are all the configuration items available for your Load Balancer.

  • To Edit click the Edit Configuration to the right.

DD0S_4.png

Once you click Edit Configuration, you can either scroll down to DoS Protection or click the Dos Protection label on the left side.

Initially DoS Protection is Disabled. 

  • Enable DoS protection

Screen Shot 2023-01-24 at 3.51.54 PM.png

  •  Next Enable Auto Mitigation.

DDoS_5.png

 Screen Shot 2023-01-24 at 1.19.00 PM.png

  •  Scroll to the bottom and select Save and Exit.

Screen Shot 2023-01-24 at 1.21.59 PM.png

 Conclusion

I was able to demonstrate to you how to very simply and with very little effort you are able to protect yourself from Dos Attacks using F5’s leading DoS Solution delivered as a SaaS Service.

We have simplified our solution to allow customers who have struggled in the past with manual configuration to easily add DoS protection.

For further information or to get started:

  • F5 Distributed Cloud WAAP YouTube series (Link)
  • F5 Distributed Cloud WAAP Services (Link)
  • F5 Distributed Cloud WAAP Get Started (Link)
  • Fast ACL (Link)
  • YouTube Video (Link)
Version history
Last update:
‎10-Apr-2023 13:59
Updated by:
Community Manager
Contributors
Copyright © 2023 Khoros, LLC