when you say you want to do L7 migration, which attack you want to mitigated ?
L7 mitigations is wide and can be brute force, DDoD, injections (XSS, SQLi)
Typically Adv WAF is the right product for this. here are some links. let us know if you need more sources.
Currently our layer7 is out of support and we need the functionality migrated to the F5. I'm new to F5 and would wish to have some help on how to accomplish the task of migrating from layer7 to F5.
Hi @Nforba it sounds like you may be referring to the former CA Layer7 API Gateway product? I don't believe we have any specific documented guidance on this. Do you have an idea of what functions were done on the Layer7 and we might be able to point you in the direction for how these would be setup on a BIG-IP?
The following functions are running on the layer7
SAP PROCESS ORCHESTRATION
SAP Services (Gateway, gateway rest and gateway timeout long).
On layer7 API Gateway 1) TLS or SSL request is done, 2) HTTP basic authentication against LDAP and 3) redirect app server such as SAP PO, SAP PRD
We need to migrate those services to F5. Thanks
Ok, this is a fairly older document but it gives an idea of configuration of some of these features.
These are fairly standard LTM functions so if you are familiar with basic LTM operations, you should be good. If not, you may want to have a look at university.f5.com so some introductory content on LTM to get yourself up and running.
You can achieve a lot of that but you'll need to dissect the functions from the existing Layer7 solution a little bit further. They do typically translate to what would be standard reverse proxy, SSL/TLS offload or bridging, rewriting, authentication and WAF functions on a BIG-IP. Each of those functions is a lot to unpack if you are just getting started with BIG-IP so I would suggest at least getting through some of the Getting Started courses on university.f5.com. I would also suggest discussing with your local F5 Solutions Engineer as well as they can probably get into a deeper discussion about what you have configured on your Layer7 and give you a bit of a road map on what to tackle first on your BIG-IP.
We are currently utilizing Layer7 as an API gateway, mainly to handle LDAP authentication and SAP ochestration. We want to move those services from layer 7 to F5 and get rid of layer7. I just need a process or steps to migrate any of the service
This might be a good place to start: https://techdocs.f5.com/en-us/bigip-15-0-0/big-ip-local-traffic-manager-implementations/configuring-...
This depends a bit on your familiarity with BIG-IP but this can at least get you started.