cancel
Showing results for 
Search instead for 
Did you mean: 

Layer7 Migration to F5

Nforba
Nimbostratus
Nimbostratus

Hello Community, I am new to F5 and I want to do migration from layer7 to F5. Please can someone guide me through on what to do? 

10 REPLIES 10

Lior_Rotkovitch
F5 SIRT
F5 SIRT

Hello,

when you say you want to do L7 migration, which attack you want to mitigated ?
L7 mitigations is wide and can be brute  force, DDoD, injections (XSS, SQLi) 

Typically Adv WAF is the right product for this. here are some links. let us know if you need more sources. 

 

https://community.f5.com/t5/technical-articles/http-brute-force-mitigation-playbook-overview-chapter...

 

https://community.f5.com/t5/technical-articles/bots-mitigations-overview-with-advance-waf-anti-bot-e...

 

Lior Rotkovitch | Senior Security Engineer – F5 SIRT
Twitter: @rotkovitch

Hello,

Currently our layer7 is out of support and we need the functionality migrated to the F5. I'm new to F5 and would wish to have some help on how to accomplish the task of migrating from layer7 to F5.

 

buulam
Community Manager
Community Manager

Hi @Nforba it sounds like you may be referring to the former CA Layer7 API Gateway product? I don't believe we have any specific documented guidance on this. Do you have an idea of what functions were done on the Layer7 and we might be able to point you in the direction for how these would be setup on a BIG-IP?

~~~~~~~~~~~~~~~~~~
@buulam / YouTube.com/DevCentral

The following functions are running on the layer7

SAP PROCESS ORCHESTRATION 

Solarwinds

SAP Services (Gateway, gateway rest and gateway timeout long).

On layer7 API Gateway 1) TLS or SSL request is done, 2) HTTP basic authentication against LDAP and 3) redirect app server such as SAP PO, SAP PRD

We need to migrate those services to F5. Thanks

@buulam, this is actually the former CA API Gateway

buulam
Community Manager
Community Manager

Ok, this is a fairly older document but it gives an idea of configuration of some of these features. 

https://www.f5.com/pdf/deployment-guides/f5-sap-dg.pdf

These are fairly standard LTM functions so if you are familiar with basic LTM operations, you should be good. If not, you may want to have a look at university.f5.com so some introductory content on LTM to get yourself up and running.

~~~~~~~~~~~~~~~~~~
@buulam / YouTube.com/DevCentral

We already have SAP deployed and the task I want to accomplish is using F5 as an API gateway that will route traffic to SAP. We do have BIG-IP ASM/AMP/LTM products. 

buulam
Community Manager
Community Manager

You can achieve a lot of that but you'll need to dissect the functions from the existing Layer7 solution a little bit further. They do typically translate to what would be standard reverse proxy, SSL/TLS offload or bridging, rewriting, authentication and WAF functions on a BIG-IP. Each of those functions is a lot to unpack if you are just getting started with BIG-IP so I would suggest at least getting through some of the Getting Started courses on university.f5.com. I would also suggest discussing with your local F5 Solutions Engineer as well as they can probably get into a deeper discussion about what you have configured on your Layer7 and give you a bit of a road map on what to tackle first on your BIG-IP.

~~~~~~~~~~~~~~~~~~
@buulam / YouTube.com/DevCentral

We are currently utilizing Layer7 as an API gateway, mainly to handle LDAP authentication and SAP ochestration. We want to move those services from layer 7 to F5 and get rid of layer7. I just need a process or steps to migrate any of the service

 

buulam
Community Manager
Community Manager

This might be a good place to start: https://techdocs.f5.com/en-us/bigip-15-0-0/big-ip-local-traffic-manager-implementations/configuring-...

This depends a bit on your familiarity with BIG-IP but this can at least get you started.

~~~~~~~~~~~~~~~~~~
@buulam / YouTube.com/DevCentral