Active Active Advanced WAF behind Azure LB Best Practice
Hi Hope someone can help me. I'm trying to work out the best configuration for our use case - 50 + web applications bound on SSL on a active / active Advanced WAF cluster behind an Azure Load Balancer configured on top of the single nic deployment from F5's supported ARM template (https://github.com/F5Networks/f5-azure-arm-templates/tree/main/supported/autoscale/waf/via-lb) Should I separate out every application into separate Virtual Servers either on a separate port / IP binding? If IP binding - is it possible even to share Self IPs between both Active BigIPs in single arm configuration behind an ALB (to reduce the admin overhead creating Virtual Servers twice on both BigIPs)? Or should I bind more internal IPs directly to both BigIPs independently and duplicate the Virtual Server config based on that? Or should I go for a 2 or 3 Nic configuration and will that allow me to configure shared IPs? If port binding, is it efficient to create multiple virtual servers on same IP different ports? Should that an IP binding on multiple ports or a wildcard destination? I'm struggling to find a definitive guide for my use case that goes beyond a single Virtual Server set up. I'm sure I've misunderstood some of these concepts! thanks in advance