series-f5-hybrid-architectures

8 Topics

F5 Hybrid Security Architectures: Part 3 F5 XC API Protection and NGINX Ingress
Here in this example solution, we will be using DevSecOps practices to deploy an AWS Elastic Kubernetes Service (EKS) cluster running the Arcadia Finance test web application serviced by F5 NGINX Ingress Controller for Kubernetes. For protection, will provide API Discovery and Security with F5 Distributed Cloud's Web App and API Protection service. Introduction: For those of you following along with the F5 Hybrid Security Architectures series, welcome back! If this is your first foray into the series and would like some background, have a look at the intro article. This series is using the F5 Hybrid Security Architectures GitHub repo and CI/CD platform to deploy F5 based hybrid security solutions based on DevSecOps principles. This repo is a community supported effort to provide not only a demo and workshop, but also a stepping stone for utilizing these practices in your own F5 deployments. If you find any bugs or have any enhancement requests, open a issue or better yet contribute! API Security: APIs are an integral part of our daily routine, facilitating everything from critical to mundane tasks. From banking and ride-sharing apps to the weather updates we check before stepping out, APIs enable these functionalities. Given the sensitive nature of the data that can be exposed by unprotected APIs, the need for effective security cannot be stressed enough. With F5 Distributed Cloud Web App and API protection security teams can discover, inventory, and secure these critical APIs. Here in this example solution, we will be using DevSecOps practices to deploy an AWS Elastic Kubernetes Service (EKS) cluster running the Brewz test web application serviced by F5 NGINX Ingress Controller. To secure our application and APIs, we will deploy F5 Distributed Cloud's Web App and API Protection service. This will provide us API Discovery and Security as well as a traditional Web Application Firewall and Malicious User Detection. Distributed Cloud WAAP: Available for SaaS-based deployments and provides comprehensive security solutions designed to safeguard web applications and APIs from a wide range of cyber threats. This solution utilizes a distributed cloud architecture, which enables it to provide real-time protection and scale to meet the needs of large enterprises. NIGNX Ingress Controller for Kubernetes: A lightweight software solution that helps manage app connectivity at the edge of a Kubernetes cluster by directing requests to the appropriate services and pods. It provides advanced load balancing, routing, identity, and security, as well as montioring and observability features. XC WAAP + NGINX Ingress Controller Workflow GitHub Repo: F5 Hybrid Security Architectures Prerequisites: F5 Distributed Cloud Account (F5 XC) Create an F5 XC API certificate NGINX Ingress Controller license AWS Account - Due to the assets being created, free tier will not work. Terraform Cloud Account GitHub Account Assets xc: F5 Distributed Cloud WAAP nic: NGINX Ingress Controller infra: AWS Infrastructure (VPC, IGW, etc.) eks: AWS Elastic Kubernetes Service brewz: Brewz SPA test web application Tools Cloud Provider: AWS Infrastructure as Code: Terraform Infrastructure as Code State: Terraform Cloud CI/CD: GitHub Actions Terraform Cloud Workspaces: Create a workspace for each asset in the workflow chosen Workflow: xc-nic Workspaces: infra, eks, nic, brewz, xc Your Terraform Cloud console should resemble the following: Variable Set: Create a Variable Set with the following values. IMPORTANT: Ensure sensitive values are appropriately marked. AWS_ACCESS_KEY_ID: Your AWS Access Key ID - Environment Variable AWS_SECRET_ACCESS_KEY: Your AWS Secret Access Key - Environment Variable AWS_SESSION_TOKEN: Your AWS Session Token - Environment Variable VOLT_API_P12_FILE: Your F5 XC API certificate. Set this to api.p12 - Environment Variable VES_P12_PASSWORD: Set this to the password you supplied when creating your F5 XC API key - Environment Variable nginx_jwt: Your NGINX Java Web Token associated with your NGINX license - Terraform Variable ssh_key: Your ssh key for access to created compute assets - Terrraform Variable tf_cloud_organization: Your Terraform Cloud Organization name - Terraform Variable Your Variable Set should resemble the following: GitHub Fork and Clone Repo: F5 Hybrid Security Architectures ctions Secrets: Create the following GitHub Actions secrets in your forked repo XC_P12: The base64 encoded F5 XC API certificate TF_API_TOKEN: Your Terraform Cloud API token TF_CLOUD_ORGANIZATION: Your Terraform Cloud Organization TF_CLOUD_WORKSPACE_workspace: Create for each workspace used in your workflow. EX: TF_CLOUD_WORKSPACE_XC would be created with the value xc Your GitHub Actions Secrets should resemble the following: Setup Deployment Branch and Terraform Local Variables: Step 1: Check out a branch for the deploy workflow using the following naming convention xc-nic deployment branch: deploy-xcapi-nic Step 2: Rename infra/terraform.tfvars.examples to infra/terraform.tfvars and add the following data #Global project_prefix = "Your project identifier" resource_owner = "You" #AWS aws_region = "Your AWS region" ex: us-west-1 azs = "Your AWS availability zones" ex: ["us-west-1a", "us-west-1b"] #Assets nic = true nap = false bigip = false bigip-cis = false Step 3: Rename xc/terraform.tfvars.examples to xc/terraform.tfvars and add the following data #XC Global api_url = "https://.console.ves.volterra.io/api" xc_tenant = "Your XC Tenant Name" xc_namespace = "Your XC namespace" #XC LB app_domain = "Your App Domain" #XC WAF xc_waf_blocking = true #XC AI/ML Settings for MUD, APIP - NOTE: Only set if using AI/ML settings from the shared namespace xc_app_type = [] xc_multi_lb = false #XC API Protection and Discovery xc_api_disc = true xc_api_pro = true xc_api_spec = ["Path to uploaded API spec"] *See below screen shot for how to obtain this value. #XC Bot Defense xc_bot_def = false #XC DDoS xc_ddos = false #XC Malicious User Detection xc_mud = true For Path to API Spec navigate to Manage->Files->Swagger Files, click the three dots next to your OAS, and choose "Copy Latest Version's URL". Paste this into the xc_api_spec in the xc/terraform.tfvars. Step 4: Modify line 16 in the .gitignore and comment out the *.tfvars line with # and save the file Step 5: Commit your changes Deployment: Step 1: Push your deploy branch to the forked repo Step 2: Back in GitHub, navigate to the Actions tab of your forked repo and monitor your build Step 3: Once the pipeline completes, verify your assets were deployed to AWS and F5 XC Step 4: Check your Terraform Outputs for XC and verify your app is available by navigating to the FQDN API Discovery and Security Dashboards: After leaving the Brewz test app deployed for a while we can start to see the API graph form. The F5 XC WAAP platform learns the schema structure of the API by analyzing sampled request data, then reverse-engineering the schema to generates an OpenAPI spec. The platform validates what is deploy versus what is discovered and tags any Shadow APIs that are found. We can also check the dashboards for any attacks that may have occurred while we were waiting for discovery to finish. The internet being what it is, it didn't take long for the platform to protect us against some attacks. Deployment Teardown: Step 1: From your deployment branch check out a branch for the destroy workflow using the following naming convention xc-nic destroy branch: destroy-xcapi-nic Step 2: Push your destroy branch to the forked repo Step 3: Back in GitHub, navigate to the Actions tab of your forked repo and monitor your build Step 4: Once the pipeline completes, verify your assets were destroyed Conclusion: In this article we have shown how to utilize the F5 Hybrid Security Architectures GitHub repo and CI/CD pipeline to deploy a tiered security architecture utilizing F5 XC WAAP and NGINX Ingress Controller to protect a test API running in AWS EKS. While the code and security policies deployed are generic and not inclusive of all use-cases, they can be used as a steppingstone for deploying F5 based hybrid architectures in your own environments. Workloads are increasingly deployed across multiple diverse environments and application architectures. Organizations need the ability to protect their essential applications regardless of deployment or architecture circumstances. Equally important is the need to deploy these protections with the same flexibility and speed as the apps they protect. With the F5 WAF portfolio, coupled with DevSecOps principles, organizations can deploy and maintain industry-leading security without sacrificing the time to value of their applications. Not only can Edge and Shift Left principles exist together, but they can also work in harmony to provide a more effective security solution. Article Series: F5 Hybrid Security Architectures (Intro - One WAF Engine, Total Flexibility) F5 Hybrid Security Architectures (Part 1 - F5's Distributed Cloud WAF and BIG-IP Advanced WAF) F5 Hybrid Security Architectures (Part 2 - F5's Distributed Cloud WAF and NGINX App Protect WAF) F5 Hybrid Security Architectures (Part 3 - F5 XC API Protection and NGINX Ingress Controller) F5 Hybrid Security Architectures (Part 4 - F5 XC BOT and DDoS Defense and BIG-IP Advanced WAF) F5 Hybrid Security Architectures (Part 5 - F5 XC, BIG-IP APM, CIS, and NGINX Ingress Controller) For further information or to get started: F5 Distributed Cloud Platform (Link) F5 Distributed Cloud WAAP Services (Link) F5 Distributed Cloud WAAP YouTube series (Link) F5 Distributed Cloud WAAP Get Started (Link)
Cameron_Delano
Aug 17, 2024 Place Technical Articles
5.3KViews
5likes
2Comments
F5 Hybrid Security Architectures (Part 2 - F5's Distributed Cloud WAF and NGINX App Protect WAF)
Here in this example solution, we will be using Terraform to deploy an AWS Elastic Kubernetes Service cluster running the Arcadia Finance test web application serviced by F5 NGINX Kubernetes Ingress Controller and protected by NGINX App Protect WAF. We will supplement this with F5 Distributed Cloud Web App and API Protection to provide complimentary security at the edge. Everything will be tied together using GitHub Actions for CI/CD and Terraform Cloud to maintain state.
Cameron_Delano
Aug 06, 2024 Place Technical Articles
5.1KViews
4likes
0Comments
F5 Hybrid Security Architectures: One WAF Engine, Total Flexibility (Intro)
Layered security, we have been told for years that the most effective security strategy is composed of multiple, loosely coupled or independent layers of security controls. A WAF fits snuggly into the technical security controls area and has long been known as an essential piece of application security. What if we take this further and apply the layered approach directly to our WAF deployment? The F5 Hybrid Security Architectures explores this approach utilizing F5's best in class WAF products.
Cameron_Delano
Aug 06, 2024 Place Technical Articles
8.4KViews
11likes
0Comments
Minimizing Security Complexity: Managing Distributed WAF Policies
In this article and demo, we'll explore a few best practices and tools available to help organizations maintain robust security postures across their entire WAF infrastructure, and how embracing modern approaches like DevSecOps and the F5 Policy Supervisor and Conversion tools can help overcome the challenges of managing security policies at scale.
Cameron_Delano
Mar 15, 2024 Place Technical Articles
3.3KViews
2likes
0Comments
F5 Hybrid Security Architectures (Part 1 - F5's Distributed Cloud WAF and BIG-IP Advanced WAF)
Here in our first example solution, we will be using Terraform to deploy an application server running the OWASP Juice Shop application serviced by a F5 BIG-IP Advanced WAF Virtual Edition. We will supplement this with F5 Distributed Cloud Web App and API Protection to provide complimentary security at the edge. Everything will be tied together using GitHub Actions for CI/CD and Terraform Cloud to maintain state.
Cameron_Delano
Oct 12, 2023 Place Technical Articles
6.7KViews
4likes
0Comments
F5 Hybrid Security Architectures (Part 5 - F5 XC, BIG-IP APM, CIS, and NGINX Ingress Controller)
Here in this example solution, we will be using DevSecOps practices to deploy an AWS Elastic Kubernetes Service (EKS) cluster running the Brewz test web application serviced by F5 NGINX Ingress Controller. To secure our application and APIs, we will deploy F5 Distributed Cloud's Web App and API Protection service as well as F5 BIG-IP Access Policy Manger and Advanced WAF. We will then use F5 Container Ingress Service and IngressLink to tie it all together.
Cameron_Delano
Sep 23, 2023 Place Technical Articles
1.8KViews
3likes
0Comments
F5 Hybrid Security Architectures (Part 4 - F5 XC BOT and DDoS Defense and BIG-IP Advanced WAF)
Here in our fourth example solution, we will be using Terraform to deploy an application server running the OWASP Juice Shop application serviced by a F5 BIG-IP Advanced WAF Virtual Edition. We will supplement this with F5 Distributed Cloud Web App and API Protection to provide BOT and DDoS Defense at the Edge. Everything will be tied together using GitHub Actions for CI/CD and Terraform Cloud to maintain state.
Cameron_Delano
Sep 15, 2023 Place Technical Articles
5.2KViews
3likes
0Comments
F5 Distributed Cloud Web App and API Protection hybrid architecture for DevSecOps
This article is aimed at exploring an architecture combining the strengths of two ways of packaging and deploying the F5 WAF engine: the NGINX App Protect and the Distributed Cloud WAAP.
Valentin_Tobi
Nov 15, 2022 Place Technical Articles
5KViews
7likes
0Comments

"}},"componentScriptGroups({\"componentId\":\"custom.widget.Beta_MetaNav\"})":{"__typename":"ComponentScriptGroups","scriptGroups":{"__typename":"ComponentScriptGroupsDefinition","afterInteractive":{"__typename":"PageScriptGroupDefinition","group":"AFTER_INTERACTIVE","scriptIds":[]},"lazyOnLoad":{"__typename":"PageScriptGroupDefinition","group":"LAZY_ON_LOAD","scriptIds":[]}},"componentScripts":[]},"component({\"componentId\":\"custom.widget.Beta_Footer\"})":{"__typename":"Component","render({\"context\":{\"component\":{\"entities\":[],\"props\":{}},\"page\":{\"entities\":[],\"name\":\"TagPage\",\"props\":{},\"url\":\"https://community.f5.com/tag/series-f5-hybrid-architectures\"}}})":{"__typename":"ComponentRenderResult","html":"

Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information

"}},"componentScriptGroups({\"componentId\":\"custom.widget.Beta_Footer\"})":{"__typename":"ComponentScriptGroups","scriptGroups":{"__typename":"ComponentScriptGroupsDefinition","afterInteractive":{"__typename":"PageScriptGroupDefinition","group":"AFTER_INTERACTIVE","scriptIds":[]},"lazyOnLoad":{"__typename":"PageScriptGroupDefinition","group":"LAZY_ON_LOAD","scriptIds":[]}},"componentScripts":[]},"component({\"componentId\":\"custom.widget.Tag_Manager_Helper\"})":{"__typename":"Component","render({\"context\":{\"component\":{\"entities\":[],\"props\":{}},\"page\":{\"entities\":[],\"name\":\"TagPage\",\"props\":{},\"url\":\"https://community.f5.com/tag/series-f5-hybrid-architectures\"}}})":{"__typename":"ComponentRenderResult","html":" "}},"componentScriptGroups({\"componentId\":\"custom.widget.Tag_Manager_Helper\"})":{"__typename":"ComponentScriptGroups","scriptGroups":{"__typename":"ComponentScriptGroupsDefinition","afterInteractive":{"__typename":"PageScriptGroupDefinition","group":"AFTER_INTERACTIVE","scriptIds":[]},"lazyOnLoad":{"__typename":"PageScriptGroupDefinition","group":"LAZY_ON_LOAD","scriptIds":[]}},"componentScripts":[]},"component({\"componentId\":\"custom.widget.Consent_Blackbar\"})":{"__typename":"Component","render({\"context\":{\"component\":{\"entities\":[],\"props\":{}},\"page\":{\"entities\":[],\"name\":\"TagPage\",\"props\":{},\"url\":\"https://community.f5.com/tag/series-f5-hybrid-architectures\"}}})":{"__typename":"ComponentRenderResult","html":"

"}},"componentScriptGroups({\"componentId\":\"custom.widget.Consent_Blackbar\"})":{"__typename":"ComponentScriptGroups","scriptGroups":{"__typename":"ComponentScriptGroupsDefinition","afterInteractive":{"__typename":"PageScriptGroupDefinition","group":"AFTER_INTERACTIVE","scriptIds":[]},"lazyOnLoad":{"__typename":"PageScriptGroupDefinition","group":"LAZY_ON_LOAD","scriptIds":[]}},"componentScripts":[]},"cachedText({\"lastModified\":\"1743097583694\",\"locale\":\"en-US\",\"namespaces\":[\"components/community/NavbarDropdownToggle\"]})":[{"__ref":"CachedAsset:text:en_US-components/community/NavbarDropdownToggle-1743097583694"}],"cachedText({\"lastModified\":\"1743097583694\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/common/OverflowNav\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/common/OverflowNav-1743097583694"}],"cachedText({\"lastModified\":\"1743097583694\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageView/MessageViewInline\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageView/MessageViewInline-1743097583694"}],"cachedText({\"lastModified\":\"1743097583694\",\"locale\":\"en-US\",\"namespaces\":[\"components/customComponent/CustomComponent\"]})":[{"__ref":"CachedAsset:text:en_US-components/customComponent/CustomComponent-1743097583694"}],"cachedText({\"lastModified\":\"1743097583694\",\"locale\":\"en-US\",\"namespaces\":[\"components/users/UserLink\"]})":[{"__ref":"CachedAsset:text:en_US-components/users/UserLink-1743097583694"}],"cachedText({\"lastModified\":\"1743097583694\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageSubject\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageSubject-1743097583694"}],"cachedText({\"lastModified\":\"1743097583694\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageBody\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageBody-1743097583694"}],"cachedText({\"lastModified\":\"1743097583694\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageTime\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageTime-1743097583694"}],"cachedText({\"lastModified\":\"1743097583694\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/nodes/NodeIcon\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/nodes/NodeIcon-1743097583694"}],"cachedText({\"lastModified\":\"1743097583694\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageUnreadCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageUnreadCount-1743097583694"}],"cachedText({\"lastModified\":\"1743097583694\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageViewCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageViewCount-1743097583694"}],"cachedText({\"lastModified\":\"1743097583694\",\"locale\":\"en-US\",\"namespaces\":[\"components/kudos/KudosCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/kudos/KudosCount-1743097583694"}],"cachedText({\"lastModified\":\"1743097583694\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageRepliesCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageRepliesCount-1743097583694"}],"cachedText({\"lastModified\":\"1743097583694\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/users/UserAvatar\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/users/UserAvatar-1743097583694"}]},"CachedAsset:pages-1742462926377":{"__typename":"CachedAsset","id":"pages-1742462926377","value":[{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"HowDoI.GetInvolved.MvpProgram","type":"COMMUNITY","urlPath":"/c/how-do-i/get-involved/mvp-program","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"BlogViewAllPostsPage","type":"BLOG","urlPath":"/category/:categoryId/blog/:boardId/all-posts/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"CasePortalPage","type":"CASE_PORTAL","urlPath":"/caseportal","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"CreateGroupHubPage","type":"GROUP_HUB","urlPath":"/groups/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"CaseViewPage","type":"CASE_DETAILS","urlPath":"/case/:caseId/:caseNumber","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"InboxPage","type":"COMMUNITY","urlPath":"/inbox","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"HowDoI.GetInvolved.AdvocacyProgram","type":"COMMUNITY","urlPath":"/c/how-do-i/get-involved/advocacy-program","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"HowDoI.GetHelp.NonCustomer","type":"COMMUNITY","urlPath":"/c/how-do-i/get-help/non-customer","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"HelpFAQPage","type":"COMMUNITY","urlPath":"/help","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"HowDoI.GetHelp.F5Customer","type":"COMMUNITY","urlPath":"/c/how-do-i/get-help/f5-customer","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"IdeaMessagePage","type":"IDEA_POST","urlPath":"/idea/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"IdeaViewAllIdeasPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId/all-ideas/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"LoginPage","type":"USER","urlPath":"/signin","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"BlogPostPage","type":"BLOG","urlPath":"/category/:categoryId/blogs/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"HowDoI.GetInvolved","type":"COMMUNITY","urlPath":"/c/how-do-i/get-involved","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"HowDoI.Learn","type":"COMMUNITY","urlPath":"/c/how-do-i/learn","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1739501996000,"localOverride":null,"page":{"id":"Test","type":"CUSTOM","urlPath":"/custom-test-2","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"ThemeEditorPage","type":"COMMUNITY","urlPath":"/designer/themes","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"TkbViewAllArticlesPage","type":"TKB","urlPath":"/category/:categoryId/kb/:boardId/all-articles/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"OccasionEditPage","type":"EVENT","urlPath":"/event/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"OAuthAuthorizationAllowPage","type":"USER","urlPath":"/auth/authorize/allow","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"PageEditorPage","type":"COMMUNITY","urlPath":"/designer/pages","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"PostPage","type":"COMMUNITY","urlPath":"/category/:categoryId/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"ForumBoardPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"TkbBoardPage","type":"TKB","urlPath":"/category/:categoryId/kb/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"EventPostPage","type":"EVENT","urlPath":"/category/:categoryId/events/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"UserBadgesPage","type":"COMMUNITY","urlPath":"/users/:login/:userId/badges","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"GroupHubMembershipAction","type":"GROUP_HUB","urlPath":"/membership/join/:nodeId/:membershipType","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"MaintenancePage","type":"COMMUNITY","urlPath":"/maintenance","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"IdeaReplyPage","type":"IDEA_REPLY","urlPath":"/idea/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"UserSettingsPage","type":"USER","urlPath":"/mysettings/:userSettingsTab","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"GroupHubsPage","type":"GROUP_HUB","urlPath":"/groups","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"ForumPostPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"OccasionRsvpActionPage","type":"OCCASION","urlPath":"/event/:boardId/:messageSubject/:messageId/rsvp/:responseType","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"VerifyUserEmailPage","type":"USER","urlPath":"/verifyemail/:userId/:verifyEmailToken","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"AllOccasionsPage","type":"OCCASION","urlPath":"/category/:categoryId/events/:boardId/all-events/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"EventBoardPage","type":"EVENT","urlPath":"/category/:categoryId/events/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"TkbReplyPage","type":"TKB_REPLY","urlPath":"/kb/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"IdeaBoardPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"CommunityGuideLinesPage","type":"COMMUNITY","urlPath":"/communityguidelines","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"CaseCreatePage","type":"SALESFORCE_CASE_CREATION","urlPath":"/caseportal/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"TkbEditPage","type":"TKB","urlPath":"/kb/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"ForgotPasswordPage","type":"USER","urlPath":"/forgotpassword","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"IdeaEditPage","type":"IDEA","urlPath":"/idea/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"TagPage","type":"COMMUNITY","urlPath":"/tag/:tagName","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"BlogBoardPage","type":"BLOG","urlPath":"/category/:categoryId/blog/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"OccasionMessagePage","type":"OCCASION_TOPIC","urlPath":"/event/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"ManageContentPage","type":"COMMUNITY","urlPath":"/managecontent","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"ClosedMembershipNodeNonMembersPage","type":"GROUP_HUB","urlPath":"/closedgroup/:groupHubId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"HowDoI.GetHelp.Community","type":"COMMUNITY","urlPath":"/c/how-do-i/get-help/community","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"CommunityPage","type":"COMMUNITY","urlPath":"/","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"HowDoI.GetInvolved.ContributeCode","type":"COMMUNITY","urlPath":"/c/how-do-i/get-involved/contribute-code","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"ForumMessagePage","type":"FORUM_TOPIC","urlPath":"/discussions/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"IdeaPostPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"BlogMessagePage","type":"BLOG_ARTICLE","urlPath":"/blog/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"RegistrationPage","type":"USER","urlPath":"/register","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"EditGroupHubPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"ForumEditPage","type":"FORUM","urlPath":"/discussions/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"ResetPasswordPage","type":"USER","urlPath":"/resetpassword/:userId/:resetPasswordToken","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"TkbMessagePage","type":"TKB_ARTICLE","urlPath":"/kb/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"HowDoI.Learn.AboutIrules","type":"COMMUNITY","urlPath":"/c/how-do-i/learn/about-irules","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"BlogEditPage","type":"BLOG","urlPath":"/blog/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"HowDoI.GetHelp.F5Support","type":"COMMUNITY","urlPath":"/c/how-do-i/get-help/f5-support","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"ManageUsersPage","type":"USER","urlPath":"/users/manage/:tab?/:manageUsersTab?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"ForumReplyPage","type":"FORUM_REPLY","urlPath":"/discussions/:boardId/:messageSubject/:messageId/replies/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"PrivacyPolicyPage","type":"COMMUNITY","urlPath":"/privacypolicy","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"NotificationPage","type":"COMMUNITY","urlPath":"/notifications","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"UserPage","type":"USER","urlPath":"/users/:login/:userId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"HealthCheckPage","type":"COMMUNITY","urlPath":"/health","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"OccasionReplyPage","type":"OCCASION_REPLY","urlPath":"/event/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"ManageMembersPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/manage/:tab?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"SearchResultsPage","type":"COMMUNITY","urlPath":"/search","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"BlogReplyPage","type":"BLOG_REPLY","urlPath":"/blog/:boardId/:messageSubject/:messageId/replies/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"GroupHubPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"TermsOfServicePage","type":"COMMUNITY","urlPath":"/termsofservice","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"HowDoI.GetHelp","type":"COMMUNITY","urlPath":"/c/how-do-i/get-help","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"HowDoI.GetHelp.SecurityIncident","type":"COMMUNITY","urlPath":"/c/how-do-i/get-help/security-incident","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"CategoryPage","type":"CATEGORY","urlPath":"/category/:categoryId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"ForumViewAllTopicsPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId/all-topics/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"TkbPostPage","type":"TKB","urlPath":"/category/:categoryId/kbs/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"GroupHubPostPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742462926377,"localOverride":null,"page":{"id":"HowDoI","type":"COMMUNITY","urlPath":"/c/how-do-i","__typename":"PageDescriptor"},"__typename":"PageResource"}],"localOverride":false},"CachedAsset:text:en_US-components/context/AppContext/AppContextProvider-0":{"__typename":"CachedAsset","id":"text:en_US-components/context/AppContext/AppContextProvider-0","value":{"noCommunity":"Cannot find community","noUser":"Cannot find current user","noNode":"Cannot find node with id {nodeId}","noMessage":"Cannot find message with id {messageId}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Loading/LoadingDot-0":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Loading/LoadingDot-0","value":{"title":"Loading..."},"localOverride":false},"User:user:-1":{"__typename":"User","id":"user:-1","uid":-1,"login":"Former Member","email":"","avatar":null,"rank":null,"kudosWeight":1,"registrationData":{"__typename":"RegistrationData","status":"ANONYMOUS","registrationTime":null,"confirmEmailStatus":false,"registrationAccessLevel":"VIEW","ssoRegistrationFields":[]},"ssoId":null,"profileSettings":{"__typename":"ProfileSettings","dateDisplayStyle":{"__typename":"InheritableStringSettingWithPossibleValues","key":"layout.friendly_dates_enabled","value":"false","localValue":"true","possibleValues":["true","false"]},"dateDisplayFormat":{"__typename":"InheritableStringSetting","key":"layout.format_pattern_date","value":"dd-MMM-yyyy","localValue":"MM-dd-yyyy"},"language":{"__typename":"InheritableStringSettingWithPossibleValues","key":"profile.language","value":"en-US","localValue":null,"possibleValues":["en-US"]}},"deleted":false},"Theme:customTheme1":{"__typename":"Theme","id":"customTheme1"},"CachedAsset:theme:customTheme1-1742462925945":{"__typename":"CachedAsset","id":"theme:customTheme1-1742462925945","value":{"id":"customTheme1","animation":{"fast":"150ms","normal":"250ms","slow":"500ms","slowest":"750ms","function":"cubic-bezier(0.07, 0.91, 0.51, 1)","__typename":"AnimationThemeSettings"},"avatar":{"borderRadius":"50%","collections":["custom"],"__typename":"AvatarThemeSettings"},"basics":{"browserIcon":{"imageAssetName":"JimmyPackets-512-1702592938213.png","imageLastModified":"1702592945815","__typename":"ThemeAsset"},"customerLogo":{"imageAssetName":"f5_logo_fix-1704824537976.svg","imageLastModified":"1704824540697","__typename":"ThemeAsset"},"maximumWidthOfPageContent":"1600px","oneColumnNarrowWidth":"800px","gridGutterWidthMd":"30px","gridGutterWidthXs":"10px","pageWidthStyle":"WIDTH_OF_PAGE_CONTENT","__typename":"BasicsThemeSettings"},"buttons":{"borderRadiusSm":"5px","borderRadius":"5px","borderRadiusLg":"5px","paddingY":"5px","paddingYLg":"7px","paddingYHero":"var(--lia-bs-btn-padding-y-lg)","paddingX":"12px","paddingXLg":"14px","paddingXHero":"42px","fontStyle":"NORMAL","fontWeight":"400","textTransform":"NONE","disabledOpacity":0.5,"primaryTextColor":"var(--lia-bs-white)","primaryTextHoverColor":"var(--lia-bs-white)","primaryTextActiveColor":"var(--lia-bs-white)","primaryBgColor":"var(--lia-bs-primary)","primaryBgHoverColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) * 0.85))","primaryBgActiveColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) * 0.7))","primaryBorder":"1px solid transparent","primaryBorderHover":"1px solid transparent","primaryBorderActive":"1px solid transparent","primaryBorderFocus":"1px solid var(--lia-bs-white)","primaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","secondaryTextColor":"var(--lia-bs-gray-900)","secondaryTextHoverColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.95))","secondaryTextActiveColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.9))","secondaryBgColor":"var(--lia-bs-gray-400)","secondaryBgHoverColor":"hsl(var(--lia-bs-gray-400-h), var(--lia-bs-gray-400-s), calc(var(--lia-bs-gray-400-l) * 0.96))","secondaryBgActiveColor":"hsl(var(--lia-bs-gray-400-h), var(--lia-bs-gray-400-s), calc(var(--lia-bs-gray-400-l) * 0.92))","secondaryBorder":"1px solid transparent","secondaryBorderHover":"1px solid transparent","secondaryBorderActive":"1px solid transparent","secondaryBorderFocus":"1px solid transparent","secondaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","tertiaryTextColor":"var(--lia-bs-gray-900)","tertiaryTextHoverColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.95))","tertiaryTextActiveColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.9))","tertiaryBgColor":"transparent","tertiaryBgHoverColor":"transparent","tertiaryBgActiveColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.04)","tertiaryBorder":"1px solid transparent","tertiaryBorderHover":"1px solid hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","tertiaryBorderActive":"1px solid transparent","tertiaryBorderFocus":"1px solid transparent","tertiaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","destructiveTextColor":"var(--lia-bs-danger)","destructiveTextHoverColor":"hsl(var(--lia-bs-danger-h), var(--lia-bs-danger-s), calc(var(--lia-bs-danger-l) * 0.95))","destructiveTextActiveColor":"hsl(var(--lia-bs-danger-h), var(--lia-bs-danger-s), calc(var(--lia-bs-danger-l) * 0.9))","destructiveBgColor":"var(--lia-bs-gray-300)","destructiveBgHoverColor":"hsl(var(--lia-bs-gray-300-h), var(--lia-bs-gray-300-s), calc(var(--lia-bs-gray-300-l) * 0.96))","destructiveBgActiveColor":"hsl(var(--lia-bs-gray-300-h), var(--lia-bs-gray-300-s), calc(var(--lia-bs-gray-300-l) * 0.92))","destructiveBorder":"1px solid transparent","destructiveBorderHover":"1px solid transparent","destructiveBorderActive":"1px solid transparent","destructiveBorderFocus":"1px solid transparent","destructiveBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","__typename":"ButtonsThemeSettings"},"border":{"color":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","mainContent":"NONE","sideContent":"NONE","radiusSm":"3px","radius":"5px","radiusLg":"9px","radius50":"100vw","__typename":"BorderThemeSettings"},"boxShadow":{"xs":"0 0 0 1px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.08), 0 3px 0 -1px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.08)","sm":"0 2px 4px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.06)","md":"0 5px 15px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.15)","lg":"0 10px 30px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.15)","__typename":"BoxShadowThemeSettings"},"cards":{"bgColor":"var(--lia-panel-bg-color)","borderRadius":"var(--lia-panel-border-radius)","boxShadow":"var(--lia-box-shadow-xs)","__typename":"CardsThemeSettings"},"chip":{"maxWidth":"300px","height":"30px","__typename":"ChipThemeSettings"},"coreTypes":{"defaultMessageLinkColor":"var(--lia-bs-primary)","defaultMessageLinkDecoration":"none","defaultMessageLinkFontStyle":"NORMAL","defaultMessageLinkFontWeight":"400","defaultMessageFontStyle":"NORMAL","defaultMessageFontWeight":"400","forumColor":"#0C5C8D","forumFontFamily":"var(--lia-bs-font-family-base)","forumFontWeight":"var(--lia-default-message-font-weight)","forumLineHeight":"var(--lia-bs-line-height-base)","forumFontStyle":"var(--lia-default-message-font-style)","forumMessageLinkColor":"var(--lia-default-message-link-color)","forumMessageLinkDecoration":"var(--lia-default-message-link-decoration)","forumMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","forumMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","forumSolvedColor":"#62C026","blogColor":"#730015","blogFontFamily":"var(--lia-bs-font-family-base)","blogFontWeight":"var(--lia-default-message-font-weight)","blogLineHeight":"1.75","blogFontStyle":"var(--lia-default-message-font-style)","blogMessageLinkColor":"var(--lia-default-message-link-color)","blogMessageLinkDecoration":"var(--lia-default-message-link-decoration)","blogMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","blogMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","tkbColor":"#C20025","tkbFontFamily":"var(--lia-bs-font-family-base)","tkbFontWeight":"var(--lia-default-message-font-weight)","tkbLineHeight":"1.75","tkbFontStyle":"var(--lia-default-message-font-style)","tkbMessageLinkColor":"var(--lia-default-message-link-color)","tkbMessageLinkDecoration":"var(--lia-default-message-link-decoration)","tkbMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","tkbMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","qandaColor":"#4099E2","qandaFontFamily":"var(--lia-bs-font-family-base)","qandaFontWeight":"var(--lia-default-message-font-weight)","qandaLineHeight":"var(--lia-bs-line-height-base)","qandaFontStyle":"var(--lia-default-message-link-font-style)","qandaMessageLinkColor":"var(--lia-default-message-link-color)","qandaMessageLinkDecoration":"var(--lia-default-message-link-decoration)","qandaMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","qandaMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","qandaSolvedColor":"#3FA023","ideaColor":"#F3704B","ideaFontFamily":"var(--lia-bs-font-family-base)","ideaFontWeight":"var(--lia-default-message-font-weight)","ideaLineHeight":"var(--lia-bs-line-height-base)","ideaFontStyle":"var(--lia-default-message-font-style)","ideaMessageLinkColor":"var(--lia-default-message-link-color)","ideaMessageLinkDecoration":"var(--lia-default-message-link-decoration)","ideaMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","ideaMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","contestColor":"#FCC845","contestFontFamily":"var(--lia-bs-font-family-base)","contestFontWeight":"var(--lia-default-message-font-weight)","contestLineHeight":"var(--lia-bs-line-height-base)","contestFontStyle":"var(--lia-default-message-link-font-style)","contestMessageLinkColor":"var(--lia-default-message-link-color)","contestMessageLinkDecoration":"var(--lia-default-message-link-decoration)","contestMessageLinkFontStyle":"ITALIC","contestMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","occasionColor":"#EE4B5B","occasionFontFamily":"var(--lia-bs-font-family-base)","occasionFontWeight":"var(--lia-default-message-font-weight)","occasionLineHeight":"var(--lia-bs-line-height-base)","occasionFontStyle":"var(--lia-default-message-font-style)","occasionMessageLinkColor":"var(--lia-default-message-link-color)","occasionMessageLinkDecoration":"var(--lia-default-message-link-decoration)","occasionMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","occasionMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","grouphubColor":"#491B62","categoryColor":"#949494","communityColor":"#FFFFFF","productColor":"#949494","__typename":"CoreTypesThemeSettings"},"colors":{"black":"#000000","white":"#FFFFFF","gray100":"#F7F7F7","gray200":"#F7F7F7","gray300":"#E8E8E8","gray400":"#D9D9D9","gray500":"#CCCCCC","gray600":"#949494","gray700":"#707070","gray800":"#545454","gray900":"#333333","dark":"#545454","light":"#F7F7F7","primary":"#0C5C8D","secondary":"#333333","bodyText":"#222222","bodyBg":"#F5F5F5","info":"#1D9CD3","success":"#62C026","warning":"#FFD651","danger":"#C20025","alertSystem":"#FF6600","textMuted":"#707070","highlight":"#FFFCAD","outline":"var(--lia-bs-primary)","custom":["#C20025","#081B85","#009639","#B3C6D7","#7CC0EB","#F29A36"],"__typename":"ColorsThemeSettings"},"divider":{"size":"3px","marginLeft":"4px","marginRight":"4px","borderRadius":"50%","bgColor":"var(--lia-bs-gray-600)","bgColorActive":"var(--lia-bs-gray-600)","__typename":"DividerThemeSettings"},"dropdown":{"fontSize":"var(--lia-bs-font-size-sm)","borderColor":"var(--lia-bs-border-color)","borderRadius":"var(--lia-bs-border-radius-sm)","dividerBg":"var(--lia-bs-gray-300)","itemPaddingY":"5px","itemPaddingX":"20px","headerColor":"var(--lia-bs-gray-700)","__typename":"DropdownThemeSettings"},"email":{"link":{"color":"#0069D4","hoverColor":"#0061c2","decoration":"none","hoverDecoration":"underline","__typename":"EmailLinkSettings"},"border":{"color":"#e4e4e4","__typename":"EmailBorderSettings"},"buttons":{"borderRadiusLg":"5px","paddingXLg":"16px","paddingYLg":"7px","fontWeight":"700","primaryTextColor":"#ffffff","primaryTextHoverColor":"#ffffff","primaryBgColor":"#0069D4","primaryBgHoverColor":"#005cb8","primaryBorder":"1px solid transparent","primaryBorderHover":"1px solid transparent","__typename":"EmailButtonsSettings"},"panel":{"borderRadius":"5px","borderColor":"#e4e4e4","__typename":"EmailPanelSettings"},"__typename":"EmailThemeSettings"},"emoji":{"skinToneDefault":"#ffcd43","skinToneLight":"#fae3c5","skinToneMediumLight":"#e2cfa5","skinToneMedium":"#daa478","skinToneMediumDark":"#a78058","skinToneDark":"#5e4d43","__typename":"EmojiThemeSettings"},"heading":{"color":"var(--lia-bs-body-color)","fontFamily":"Inter","fontStyle":"NORMAL","fontWeight":"600","h1FontSize":"30px","h2FontSize":"25px","h3FontSize":"20px","h4FontSize":"18px","h5FontSize":"16px","h6FontSize":"16px","lineHeight":"1.2","subHeaderFontSize":"11px","subHeaderFontWeight":"500","h1LetterSpacing":"normal","h2LetterSpacing":"normal","h3LetterSpacing":"normal","h4LetterSpacing":"normal","h5LetterSpacing":"normal","h6LetterSpacing":"normal","subHeaderLetterSpacing":"2px","h1FontWeight":"var(--lia-bs-headings-font-weight)","h2FontWeight":"var(--lia-bs-headings-font-weight)","h3FontWeight":"var(--lia-bs-headings-font-weight)","h4FontWeight":"var(--lia-bs-headings-font-weight)","h5FontWeight":"var(--lia-bs-headings-font-weight)","h6FontWeight":"var(--lia-bs-headings-font-weight)","__typename":"HeadingThemeSettings"},"icons":{"size10":"10px","size12":"12px","size14":"14px","size16":"16px","size20":"20px","size24":"24px","size30":"30px","size40":"40px","size50":"50px","size60":"60px","size80":"80px","size120":"120px","size160":"160px","__typename":"IconsThemeSettings"},"imagePreview":{"bgColor":"var(--lia-bs-gray-900)","titleColor":"var(--lia-bs-white)","controlColor":"var(--lia-bs-white)","controlBgColor":"var(--lia-bs-gray-800)","__typename":"ImagePreviewThemeSettings"},"input":{"borderColor":"var(--lia-bs-gray-600)","disabledColor":"var(--lia-bs-gray-600)","focusBorderColor":"var(--lia-bs-primary)","labelMarginBottom":"10px","btnFontSize":"var(--lia-bs-font-size-sm)","focusBoxShadow":"0 0 0 3px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","checkLabelMarginBottom":"2px","checkboxBorderRadius":"3px","borderRadiusSm":"var(--lia-bs-border-radius-sm)","borderRadius":"var(--lia-bs-border-radius)","borderRadiusLg":"var(--lia-bs-border-radius-lg)","formTextMarginTop":"4px","textAreaBorderRadius":"var(--lia-bs-border-radius)","activeFillColor":"var(--lia-bs-primary)","__typename":"InputThemeSettings"},"loading":{"dotDarkColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.2)","dotLightColor":"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l), 0.5)","barDarkColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.06)","barLightColor":"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l), 0.4)","__typename":"LoadingThemeSettings"},"link":{"color":"var(--lia-bs-primary)","hoverColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) - 10%))","decoration":"none","hoverDecoration":"underline","__typename":"LinkThemeSettings"},"listGroup":{"itemPaddingY":"15px","itemPaddingX":"15px","borderColor":"var(--lia-bs-gray-300)","__typename":"ListGroupThemeSettings"},"modal":{"contentTextColor":"var(--lia-bs-body-color)","contentBg":"var(--lia-bs-white)","backgroundBg":"var(--lia-bs-black)","smSize":"440px","mdSize":"760px","lgSize":"1080px","backdropOpacity":0.3,"contentBoxShadowXs":"var(--lia-bs-box-shadow-sm)","contentBoxShadow":"var(--lia-bs-box-shadow)","headerFontWeight":"700","__typename":"ModalThemeSettings"},"navbar":{"position":"FIXED","background":{"attachment":null,"clip":null,"color":"var(--lia-bs-white)","imageAssetName":null,"imageLastModified":"0","origin":null,"position":"CENTER_CENTER","repeat":"NO_REPEAT","size":"COVER","__typename":"BackgroundProps"},"backgroundOpacity":0.8,"paddingTop":"15px","paddingBottom":"15px","borderBottom":"1px solid var(--lia-bs-border-color)","boxShadow":"var(--lia-bs-box-shadow-sm)","brandMarginRight":"30px","brandMarginRightSm":"10px","brandLogoHeight":"30px","linkGap":"10px","linkJustifyContent":"flex-start","linkPaddingY":"5px","linkPaddingX":"10px","linkDropdownPaddingY":"9px","linkDropdownPaddingX":"var(--lia-nav-link-px)","linkColor":"var(--lia-bs-body-color)","linkHoverColor":"var(--lia-bs-primary)","linkFontSize":"var(--lia-bs-font-size-sm)","linkFontStyle":"NORMAL","linkFontWeight":"400","linkTextTransform":"NONE","linkLetterSpacing":"normal","linkBorderRadius":"var(--lia-bs-border-radius-sm)","linkBgColor":"transparent","linkBgHoverColor":"transparent","linkBorder":"none","linkBorderHover":"none","linkBoxShadow":"none","linkBoxShadowHover":"none","linkTextBorderBottom":"none","linkTextBorderBottomHover":"none","dropdownPaddingTop":"10px","dropdownPaddingBottom":"15px","dropdownPaddingX":"10px","dropdownMenuOffset":"2px","dropdownDividerMarginTop":"10px","dropdownDividerMarginBottom":"10px","dropdownBorderColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","controllerBgHoverColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.1)","controllerIconColor":"var(--lia-bs-body-color)","controllerIconHoverColor":"var(--lia-bs-body-color)","controllerTextColor":"var(--lia-nav-controller-icon-color)","controllerTextHoverColor":"var(--lia-nav-controller-icon-hover-color)","controllerHighlightColor":"hsla(30, 100%, 50%)","controllerHighlightTextColor":"var(--lia-yiq-light)","controllerBorderRadius":"var(--lia-border-radius-50)","hamburgerColor":"var(--lia-nav-controller-icon-color)","hamburgerHoverColor":"var(--lia-nav-controller-icon-color)","hamburgerBgColor":"transparent","hamburgerBgHoverColor":"transparent","hamburgerBorder":"none","hamburgerBorderHover":"none","collapseMenuMarginLeft":"20px","collapseMenuDividerBg":"var(--lia-nav-link-color)","collapseMenuDividerOpacity":0.16,"__typename":"NavbarThemeSettings"},"pager":{"textColor":"var(--lia-bs-link-color)","textFontWeight":"var(--lia-font-weight-md)","textFontSize":"var(--lia-bs-font-size-sm)","__typename":"PagerThemeSettings"},"panel":{"bgColor":"var(--lia-bs-white)","borderRadius":"var(--lia-bs-border-radius)","borderColor":"var(--lia-bs-border-color)","boxShadow":"none","__typename":"PanelThemeSettings"},"popover":{"arrowHeight":"8px","arrowWidth":"16px","maxWidth":"300px","minWidth":"100px","headerBg":"var(--lia-bs-white)","borderColor":"var(--lia-bs-border-color)","borderRadius":"var(--lia-bs-border-radius)","boxShadow":"0 0.5rem 1rem hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.15)","__typename":"PopoverThemeSettings"},"prism":{"color":"#000000","bgColor":"#f5f2f0","fontFamily":"var(--font-family-monospace)","fontSize":"var(--lia-bs-font-size-base)","fontWeightBold":"var(--lia-bs-font-weight-bold)","fontStyleItalic":"italic","tabSize":2,"highlightColor":"#b3d4fc","commentColor":"#62707e","punctuationColor":"#6f6f6f","namespaceOpacity":"0.7","propColor":"#990055","selectorColor":"#517a00","operatorColor":"#906736","operatorBgColor":"hsla(0, 0%, 100%, 0.5)","keywordColor":"#0076a9","functionColor":"#d3284b","variableColor":"#c14700","__typename":"PrismThemeSettings"},"rte":{"bgColor":"var(--lia-bs-white)","borderRadius":"var(--lia-panel-border-radius)","boxShadow":" var(--lia-panel-box-shadow)","customColor1":"#bfedd2","customColor2":"#fbeeb8","customColor3":"#f8cac6","customColor4":"#eccafa","customColor5":"#c2e0f4","customColor6":"#2dc26b","customColor7":"#f1c40f","customColor8":"#e03e2d","customColor9":"#b96ad9","customColor10":"#3598db","customColor11":"#169179","customColor12":"#e67e23","customColor13":"#ba372a","customColor14":"#843fa1","customColor15":"#236fa1","customColor16":"#ecf0f1","customColor17":"#ced4d9","customColor18":"#95a5a6","customColor19":"#7e8c8d","customColor20":"#34495e","customColor21":"#000000","customColor22":"#ffffff","defaultMessageHeaderMarginTop":"14px","defaultMessageHeaderMarginBottom":"10px","defaultMessageItemMarginTop":"0","defaultMessageItemMarginBottom":"10px","diffAddedColor":"hsla(170, 53%, 51%, 0.4)","diffChangedColor":"hsla(43, 97%, 63%, 0.4)","diffNoneColor":"hsla(0, 0%, 80%, 0.4)","diffRemovedColor":"hsla(9, 74%, 47%, 0.4)","specialMessageHeaderMarginTop":"14px","specialMessageHeaderMarginBottom":"10px","specialMessageItemMarginTop":"0","specialMessageItemMarginBottom":"10px","__typename":"RteThemeSettings"},"tags":{"bgColor":"var(--lia-bs-gray-200)","bgHoverColor":"var(--lia-bs-gray-400)","borderRadius":"var(--lia-bs-border-radius-sm)","color":"var(--lia-bs-body-color)","hoverColor":"var(--lia-bs-body-color)","fontWeight":"var(--lia-font-weight-md)","fontSize":"var(--lia-font-size-xxs)","textTransform":"UPPERCASE","letterSpacing":"0.5px","__typename":"TagsThemeSettings"},"toasts":{"borderRadius":"var(--lia-bs-border-radius)","paddingX":"12px","__typename":"ToastsThemeSettings"},"typography":{"fontFamilyBase":"Atkinson Hyperlegible","fontStyleBase":"NORMAL","fontWeightBase":"400","fontWeightLight":"300","fontWeightNormal":"400","fontWeightMd":"500","fontWeightBold":"700","letterSpacingSm":"normal","letterSpacingXs":"normal","lineHeightBase":"1.3","fontSizeBase":"15px","fontSizeXxs":"11px","fontSizeXs":"12px","fontSizeSm":"13px","fontSizeLg":"20px","fontSizeXl":"24px","smallFontSize":"14px","customFonts":[],"__typename":"TypographyThemeSettings"},"unstyledListItem":{"marginBottomSm":"5px","marginBottomMd":"10px","marginBottomLg":"15px","marginBottomXl":"20px","marginBottomXxl":"25px","__typename":"UnstyledListItemThemeSettings"},"yiq":{"light":"#ffffff","dark":"#000000","__typename":"YiqThemeSettings"},"colorLightness":{"primaryDark":0.36,"primaryLight":0.74,"primaryLighter":0.89,"primaryLightest":0.95,"infoDark":0.39,"infoLight":0.72,"infoLighter":0.85,"infoLightest":0.93,"successDark":0.24,"successLight":0.62,"successLighter":0.8,"successLightest":0.91,"warningDark":0.39,"warningLight":0.68,"warningLighter":0.84,"warningLightest":0.93,"dangerDark":0.41,"dangerLight":0.72,"dangerLighter":0.89,"dangerLightest":0.95,"__typename":"ColorLightnessThemeSettings"},"localOverride":false,"__typename":"Theme"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Loading/LoadingDot-1743097583694":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Loading/LoadingDot-1743097583694","value":{"title":"Loading..."},"localOverride":false},"CachedAsset:text:en_US-components/common/EmailVerification-1743097583694":{"__typename":"CachedAsset","id":"text:en_US-components/common/EmailVerification-1743097583694","value":{"email.verification.title":"Email Verification Required","email.verification.message.update.email":"To participate in the community, you must first verify your email address. The verification email was sent to {email}. To change your email, visit My Settings.","email.verification.message.resend.email":"To participate in the community, you must first verify your email address. The verification email was sent to {email}. Resend email."},"localOverride":false},"CachedAsset:text:en_US-pages/tags/TagPage-1743097583694":{"__typename":"CachedAsset","id":"text:en_US-pages/tags/TagPage-1743097583694","value":{"tagPageTitle":"Tag:\"{tagName}\" | {communityTitle}","tagPageForNodeTitle":"Tag:\"{tagName}\" in \"{title}\" | {communityTitle}","name":"Tags Page","tag":"Tag: {tagName}"},"localOverride":false},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bi0zNC0xM2k0MzE3N0Q2NjFBRDg5NDAy\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bi0zNC0xM2k0MzE3N0Q2NjFBRDg5NDAy","mimeType":"image/png"},"Category:category:Articles":{"__typename":"Category","id":"category:Articles","entityType":"CATEGORY","displayId":"Articles","nodeType":"category","depth":1,"title":"Articles","shortTitle":"Articles","parent":{"__ref":"Category:category:top"},"categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:top":{"__typename":"Category","id":"category:top","displayId":"top","nodeType":"category","depth":0,"title":"Top"},"Tkb:board:TechnicalArticles":{"__typename":"Tkb","id":"board:TechnicalArticles","entityType":"TKB","displayId":"TechnicalArticles","nodeType":"board","depth":2,"conversationStyle":"TKB","title":"Technical Articles","description":"F5 SMEs share good practice.","avatar":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bi0zNC0xM2k0MzE3N0Q2NjFBRDg5NDAy\"}"},"profileSettings":{"__typename":"ProfileSettings","language":null},"parent":{"__ref":"Category:category:Articles"},"ancestors":{"__typename":"CoreNodeConnection","edges":[{"__typename":"CoreNodeEdge","node":{"__ref":"Community:community:zihoc95639"}},{"__typename":"CoreNodeEdge","node":{"__ref":"Category:category:Articles"}}]},"userContext":{"__typename":"NodeUserContext","canAddAttachments":false,"canUpdateNode":false,"canPostMessages":false,"isSubscribed":false},"boardPolicies":{"__typename":"BoardPolicies","canPublishArticleOnCreate":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.forums.policy_can_publish_on_create_workflow_action.accessDenied","key":"error.lithium.policies.forums.policy_can_publish_on_create_workflow_action.accessDenied","args":[]}},"canReadNode":{"__typename":"PolicyResult","failureReason":null}},"tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"shortTitle":"Technical Articles","tagPolicies":{"__typename":"TagPolicies","canSubscribeTagOnNode":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.labels.action.corenode.subscribe_labels.allow.accessDenied","key":"error.lithium.policies.labels.action.corenode.subscribe_labels.allow.accessDenied","args":[]}},"canManageTagDashboard":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.labels.action.corenode.admin_labels.allow.accessDenied","key":"error.lithium.policies.labels.action.corenode.admin_labels.allow.accessDenied","args":[]}}}},"CachedAsset:quilt:f5.prod:pages/tags/TagPage:board:TechnicalArticles-1743097588405":{"__typename":"CachedAsset","id":"quilt:f5.prod:pages/tags/TagPage:board:TechnicalArticles-1743097588405","value":{"id":"TagPage","container":{"id":"Common","headerProps":{"removeComponents":["community.widget.bannerWidget"],"__typename":"QuiltContainerSectionProps"},"items":[{"id":"tag-header-widget","layout":"ONE_COLUMN","bgColor":"var(--lia-bs-white)","showBorder":"BOTTOM","sectionEditLevel":"LOCKED","columnMap":{"main":[{"id":"tags.widget.TagsHeaderWidget","__typename":"QuiltComponent"}],"__typename":"OneSectionColumns"},"__typename":"OneColumnQuiltSection"},{"id":"messages-list-for-tag-widget","layout":"ONE_COLUMN","columnMap":{"main":[{"id":"messages.widget.messageListForNodeByRecentActivityWidget","props":{"viewVariant":{"type":"inline","props":{"useUnreadCount":true,"useViewCount":true,"useAuthorLogin":true,"clampBodyLines":3,"useAvatar":true,"useBoardIcon":false,"useKudosCount":true,"usePreviewMedia":true,"useTags":false,"useNode":true,"useNodeLink":true,"useTextBody":true,"truncateBodyLength":-1,"useBody":true,"useRepliesCount":true,"useSolvedBadge":true,"timeStampType":"conversation.lastPostingActivityTime","useMessageTimeLink":true,"clampSubjectLines":2}},"panelType":"divider","useTitle":false,"hideIfEmpty":false,"pagerVariant":{"type":"loadMore"},"style":"list","showTabs":true,"tabItemMap":{"default":{"mostRecent":true,"mostRecentUserContent":false,"newest":false},"additional":{"mostKudoed":true,"mostViewed":true,"mostReplies":false,"noReplies":false,"noSolutions":false,"solutions":false}}},"__typename":"QuiltComponent"}],"__typename":"OneSectionColumns"},"__typename":"OneColumnQuiltSection"}],"__typename":"QuiltContainer"},"__typename":"Quilt"},"localOverride":false},"CachedAsset:quiltWrapper:f5.prod:Common:1742462839017":{"__typename":"CachedAsset","id":"quiltWrapper:f5.prod:Common:1742462839017","value":{"id":"Common","header":{"backgroundImageProps":{"assetName":"header.jpg","backgroundSize":"COVER","backgroundRepeat":"NO_REPEAT","backgroundPosition":"LEFT_CENTER","lastModified":"1702932449000","__typename":"BackgroundImageProps"},"backgroundColor":"transparent","items":[{"id":"custom.widget.Beta_MetaNav","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"},{"id":"community.widget.navbarWidget","props":{"showUserName":false,"showRegisterLink":true,"style":{"boxShadow":"var(--lia-bs-box-shadow-sm)","linkFontWeight":"700","controllerHighlightColor":"hsla(30, 100%, 50%)","dropdownDividerMarginBottom":"10px","hamburgerBorderHover":"none","linkFontSize":"15px","linkBoxShadowHover":"none","backgroundOpacity":0.4,"controllerBorderRadius":"var(--lia-border-radius-50)","hamburgerBgColor":"transparent","linkTextBorderBottom":"none","hamburgerColor":"var(--lia-nav-controller-icon-color)","brandLogoHeight":"48px","linkLetterSpacing":"normal","linkBgHoverColor":"transparent","collapseMenuDividerOpacity":0.16,"paddingBottom":"10px","dropdownPaddingBottom":"15px","dropdownMenuOffset":"2px","hamburgerBgHoverColor":"transparent","borderBottom":"0","hamburgerBorder":"none","dropdownPaddingX":"10px","brandMarginRightSm":"10px","linkBoxShadow":"none","linkJustifyContent":"center","linkColor":"var(--lia-bs-primary)","collapseMenuDividerBg":"var(--lia-nav-link-color)","dropdownPaddingTop":"10px","controllerHighlightTextColor":"var(--lia-yiq-dark)","background":{"imageAssetName":"","color":"var(--lia-bs-white)","size":"COVER","repeat":"NO_REPEAT","position":"CENTER_CENTER","imageLastModified":""},"linkBorderRadius":"var(--lia-bs-border-radius-sm)","linkHoverColor":"var(--lia-bs-primary)","position":"FIXED","linkBorder":"none","linkTextBorderBottomHover":"2px solid #0C5C8D","brandMarginRight":"30px","hamburgerHoverColor":"var(--lia-nav-controller-icon-color)","linkBorderHover":"none","collapseMenuMarginLeft":"20px","linkFontStyle":"NORMAL","linkPaddingX":"10px","paddingTop":"10px","linkPaddingY":"5px","linkTextTransform":"NONE","dropdownBorderColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","controllerBgHoverColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.1)","linkDropdownPaddingX":"var(--lia-nav-link-px)","linkBgColor":"transparent","linkDropdownPaddingY":"9px","controllerIconColor":"#0C5C8D","dropdownDividerMarginTop":"10px","linkGap":"10px","controllerIconHoverColor":"#0C5C8D"},"links":{"sideLinks":[],"mainLinks":[{"children":[{"linkType":"INTERNAL","id":"migrated-link-1","params":{"boardId":"TechnicalForum","categoryId":"Forums"},"routeName":"ForumBoardPage"},{"linkType":"INTERNAL","id":"migrated-link-2","params":{"boardId":"WaterCooler","categoryId":"Forums"},"routeName":"ForumBoardPage"}],"linkType":"INTERNAL","id":"migrated-link-0","params":{"categoryId":"Forums"},"routeName":"CategoryPage"},{"children":[{"linkType":"INTERNAL","id":"migrated-link-4","params":{"boardId":"codeshare","categoryId":"CrowdSRC"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"migrated-link-5","params":{"boardId":"communityarticles","categoryId":"CrowdSRC"},"routeName":"TkbBoardPage"}],"linkType":"INTERNAL","id":"migrated-link-3","params":{"categoryId":"CrowdSRC"},"routeName":"CategoryPage"},{"children":[{"linkType":"INTERNAL","id":"migrated-link-7","params":{"boardId":"TechnicalArticles","categoryId":"Articles"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"article-series","params":{"boardId":"article-series","categoryId":"Articles"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"security-insights","params":{"boardId":"security-insights","categoryId":"Articles"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"migrated-link-8","params":{"boardId":"DevCentralNews","categoryId":"Articles"},"routeName":"TkbBoardPage"}],"linkType":"INTERNAL","id":"migrated-link-6","params":{"categoryId":"Articles"},"routeName":"CategoryPage"},{"children":[{"linkType":"INTERNAL","id":"migrated-link-10","params":{"categoryId":"CommunityGroups"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"migrated-link-11","params":{"categoryId":"F5-Groups"},"routeName":"CategoryPage"}],"linkType":"INTERNAL","id":"migrated-link-9","params":{"categoryId":"GroupsCategory"},"routeName":"CategoryPage"},{"children":[],"linkType":"INTERNAL","id":"migrated-link-12","params":{"boardId":"Events","categoryId":"top"},"routeName":"EventBoardPage"},{"children":[],"linkType":"INTERNAL","id":"migrated-link-13","params":{"boardId":"Suggestions","categoryId":"top"},"routeName":"IdeaBoardPage"},{"children":[],"linkType":"EXTERNAL","id":"Common-external-link","url":"https://community.f5.com/c/how-do-i","target":"SELF"}]},"className":"QuiltComponent_lia-component-edit-mode__lQ9Z6","showSearchIcon":false},"__typename":"QuiltComponent"},{"id":"community.widget.bannerWidget","props":{"backgroundColor":"transparent","visualEffects":{"showBottomBorder":false},"backgroundImageProps":{"backgroundSize":"COVER","backgroundPosition":"CENTER_CENTER","backgroundRepeat":"NO_REPEAT"},"fontColor":"#222222"},"__typename":"QuiltComponent"},{"id":"community.widget.breadcrumbWidget","props":{"backgroundColor":"var(--lia-bs-primary)","linkHighlightColor":"#FFFFFF","visualEffects":{"showBottomBorder":false},"backgroundOpacity":60,"linkTextColor":"#FFFFFF"},"__typename":"QuiltComponent"}],"__typename":"QuiltWrapperSection"},"footer":{"backgroundImageProps":{"assetName":null,"backgroundSize":"COVER","backgroundRepeat":"NO_REPEAT","backgroundPosition":"CENTER_CENTER","lastModified":null,"__typename":"BackgroundImageProps"},"backgroundColor":"var(--lia-bs-body-color)","items":[{"id":"custom.widget.Beta_Footer","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"},{"id":"custom.widget.Tag_Manager_Helper","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"},{"id":"custom.widget.Consent_Blackbar","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"}],"__typename":"QuiltWrapperSection"},"__typename":"QuiltWrapper","localOverride":false},"localOverride":false},"CachedAsset:text:en_US-components/common/ActionFeedback-1743097583694":{"__typename":"CachedAsset","id":"text:en_US-components/common/ActionFeedback-1743097583694","value":{"joinedGroupHub.title":"Welcome","joinedGroupHub.message":"You are now a member of this group and are subscribed to updates.","groupHubInviteNotFound.title":"Invitation Not Found","groupHubInviteNotFound.message":"Sorry, we could not find your invitation to the group. The owner may have canceled the invite.","groupHubNotFound.title":"Group Not Found","groupHubNotFound.message":"The grouphub you tried to join does not exist. It may have been deleted.","existingGroupHubMember.title":"Already Joined","existingGroupHubMember.message":"You are already a member of this group.","accountLocked.title":"Account Locked","accountLocked.message":"Your account has been locked due to multiple failed attempts. Try again in {lockoutTime} minutes.","editedGroupHub.title":"Changes Saved","editedGroupHub.message":"Your group has been updated.","leftGroupHub.title":"Goodbye","leftGroupHub.message":"You are no longer a member of this group and will not receive future updates.","deletedGroupHub.title":"Deleted","deletedGroupHub.message":"The group has been deleted.","groupHubCreated.title":"Group Created","groupHubCreated.message":"{groupHubName} is ready to use","accountClosed.title":"Account Closed","accountClosed.message":"The account has been closed and you will now be redirected to the homepage","resetTokenExpired.title":"Reset Password Link has Expired","resetTokenExpired.message":"Try resetting your password again","invalidUrl.title":"Invalid URL","invalidUrl.message":"The URL you're using is not recognized. Verify your URL and try again.","accountClosedForUser.title":"Account Closed","accountClosedForUser.message":"{userName}'s account is closed","inviteTokenInvalid.title":"Invitation Invalid","inviteTokenInvalid.message":"Your invitation to the community has been canceled or expired.","inviteTokenError.title":"Invitation Verification Failed","inviteTokenError.message":"The url you are utilizing is not recognized. Verify your URL and try again","pageNotFound.title":"Access Denied","pageNotFound.message":"You do not have access to this area of the community or it doesn't exist","eventAttending.title":"Responded as Attending","eventAttending.message":"You'll be notified when there's new activity and reminded as the event approaches","eventInterested.title":"Responded as Interested","eventInterested.message":"You'll be notified when there's new activity and reminded as the event approaches","eventNotFound.title":"Event Not Found","eventNotFound.message":"The event you tried to respond to does not exist.","redirectToRelatedPage.title":"Showing Related Content","redirectToRelatedPageForBaseUsers.title":"Showing Related Content","redirectToRelatedPageForBaseUsers.message":"The content you are trying to access is archived","redirectToRelatedPage.message":"The content you are trying to access is archived","relatedUrl.archivalLink.flyoutMessage":"The content you are trying to access is archived View Archived Content"},"localOverride":false},"CachedAsset:component:custom.widget.Beta_MetaNav-en-1742462941765":{"__typename":"CachedAsset","id":"component:custom.widget.Beta_MetaNav-en-1742462941765","value":{"component":{"id":"custom.widget.Beta_MetaNav","template":{"id":"Beta_MetaNav","markupLanguage":"HANDLEBARS","style":null,"texts":null,"defaults":{"config":{"applicablePages":[],"description":"MetaNav menu at the top of every page.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Beta_MetaNav","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":"MetaNav menu at the top of every page.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:component:custom.widget.Beta_Footer-en-1742462941765":{"__typename":"CachedAsset","id":"component:custom.widget.Beta_Footer-en-1742462941765","value":{"component":{"id":"custom.widget.Beta_Footer","template":{"id":"Beta_Footer","markupLanguage":"HANDLEBARS","style":null,"texts":null,"defaults":{"config":{"applicablePages":[],"description":"DevCentral´s custom footer.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Beta_Footer","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":"DevCentral´s custom footer.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:component:custom.widget.Tag_Manager_Helper-en-1742462941765":{"__typename":"CachedAsset","id":"component:custom.widget.Tag_Manager_Helper-en-1742462941765","value":{"component":{"id":"custom.widget.Tag_Manager_Helper","template":{"id":"Tag_Manager_Helper","markupLanguage":"HANDLEBARS","style":null,"texts":null,"defaults":{"config":{"applicablePages":[],"description":"Helper widget to inject Tag Manager scripts into head element","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Tag_Manager_Helper","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":"Helper widget to inject Tag Manager scripts into head element","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:component:custom.widget.Consent_Blackbar-en-1742462941765":{"__typename":"CachedAsset","id":"component:custom.widget.Consent_Blackbar-en-1742462941765","value":{"component":{"id":"custom.widget.Consent_Blackbar","template":{"id":"Consent_Blackbar","markupLanguage":"HTML","style":null,"texts":null,"defaults":{"config":{"applicablePages":[],"description":"","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Consent_Blackbar","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"TEXTHTML","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":"","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:text:en_US-components/community/Breadcrumb-1743097583694":{"__typename":"CachedAsset","id":"text:en_US-components/community/Breadcrumb-1743097583694","value":{"navLabel":"Breadcrumbs","dropdown":"Additional parent page navigation"},"localOverride":false},"CachedAsset:text:en_US-components/tags/TagsHeaderWidget-1743097583694":{"__typename":"CachedAsset","id":"text:en_US-components/tags/TagsHeaderWidget-1743097583694","value":{"tag":"{tagName}","topicsCount":"{count} {count, plural, one {Topic} other {Topics}}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageListForNodeByRecentActivityWidget-1743097583694":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageListForNodeByRecentActivityWidget-1743097583694","value":{"title@userScope:other":"Recent Content","title@userScope:self":"Contributions","title@board:FORUM@userScope:other":"Recent Discussions","title@board:BLOG@userScope:other":"Recent Blogs","emptyDescription":"No content to show","MessageListForNodeByRecentActivityWidgetEditor.nodeScope.label":"Scope","title@instance:1706288370055":"Content Feed","title@instance:1743095186784":"Most Recent Updates","title@instance:1704317906837":"Content Feed","title@instance:1743095018194":"Most Recent Updates","title@instance:1702668293472":"Community Feed","title@instance:1743095117047":"Most Recent Updates","title@instance:1704319314827":"Blog Feed","title@instance:1743095235555":"Most Recent Updates","title@instance:1704320290851":"My Contributions","title@instance:1703720491809":"Forum Feed","title@instance:1743095311723":"Most Recent Updates","title@instance:1703028709746":"Group Content Feed","title@instance:VTsglH":"Content Feed"},"localOverride":false},"Category:category:Forums":{"__typename":"Category","id":"category:Forums","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Forum:board:TechnicalForum":{"__typename":"Forum","id":"board:TechnicalForum","forumPolicies":{"__typename":"ForumPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Forum:board:WaterCooler":{"__typename":"Forum","id":"board:WaterCooler","forumPolicies":{"__typename":"ForumPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:DevCentralNews":{"__typename":"Tkb","id":"board:DevCentralNews","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:GroupsCategory":{"__typename":"Category","id":"category:GroupsCategory","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:F5-Groups":{"__typename":"Category","id":"category:F5-Groups","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:CommunityGroups":{"__typename":"Category","id":"category:CommunityGroups","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Occasion:board:Events":{"__typename":"Occasion","id":"board:Events","boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"occasionPolicies":{"__typename":"OccasionPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Idea:board:Suggestions":{"__typename":"Idea","id":"board:Suggestions","boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"ideaPolicies":{"__typename":"IdeaPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:CrowdSRC":{"__typename":"Category","id":"category:CrowdSRC","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:codeshare":{"__typename":"Tkb","id":"board:codeshare","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:communityarticles":{"__typename":"Tkb","id":"board:communityarticles","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:security-insights":{"__typename":"Tkb","id":"board:security-insights","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:article-series":{"__typename":"Tkb","id":"board:article-series","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Conversation:conversation:310613":{"__typename":"Conversation","id":"conversation:310613","topic":{"__typename":"TkbTopicMessage","uid":310613},"lastPostingActivityTime":"2024-08-17T03:17:12.068-07:00","solved":false},"User:user:217018":{"__typename":"User","uid":217018,"login":"Cameron_Delano","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS0yMTcwMTgtMTc1MzZpRjhDN0JBMTNEN0U3RTIyMg"},"id":"user:217018"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtWWxTbzYz?revision=25\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtWWxTbzYz?revision=25","title":"clipboard_image-3-1723237623352.jpeg","associationType":"BODY","width":750,"height":422,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtTmJBUTUx?revision=25\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtTmJBUTUx?revision=25","title":"clipboard_image-4-1723237645405.png","associationType":"BODY","width":750,"height":371,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtRVI4YkhV?revision=25\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtRVI4YkhV?revision=25","title":"clipboard_image-5-1723237675858.png","associationType":"BODY","width":750,"height":424,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtMWdkaGF4?revision=25\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtMWdkaGF4?revision=25","title":"clipboard_image-6-1723237694392.png","associationType":"BODY","width":750,"height":24,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtMlpUVFN4?revision=25\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtMlpUVFN4?revision=25","title":"clipboard_image-7-1723237714121.png","associationType":"BODY","width":750,"height":551,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtZFppZVE0?revision=25\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtZFppZVE0?revision=25","title":"clipboard_image-8-1723237730750.png","associationType":"BODY","width":750,"height":38,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtMG96QnJr?revision=25\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtMG96QnJr?revision=25","title":"clipboard_image-9-1723237754548.png","associationType":"BODY","width":750,"height":107,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtMFZwMjlR?revision=25\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtMFZwMjlR?revision=25","title":"clipboard_image-10-1723237772016.png","associationType":"BODY","width":750,"height":43,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtV212dkh2?revision=25\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtV212dkh2?revision=25","title":"clipboard_image-11-1723237788693.png","associationType":"BODY","width":750,"height":33,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtMTR1aGFP?revision=25\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtMTR1aGFP?revision=25","title":"clipboard_image-12-1723237818651.png","associationType":"BODY","width":750,"height":30,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMteDh0TFFQ?revision=25\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMteDh0TFFQ?revision=25","title":"clipboard_image-13-1723237835431.png","associationType":"BODY","width":750,"height":44,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMteEEwejFv?revision=25\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMteEEwejFv?revision=25","title":"clipboard_image-14-1723237842930.png","associationType":"BODY","width":750,"height":152,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtcjZnV2sz?revision=25\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtcjZnV2sz?revision=25","title":"clipboard_image-15-1723237864268.png","associationType":"BODY","width":750,"height":41,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtdWx3UEVx?revision=25\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtdWx3UEVx?revision=25","title":"clipboard_image-16-1723237880757.png","associationType":"BODY","width":750,"height":97,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtaFdTTVY1?revision=25\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtaFdTTVY1?revision=25","title":"clipboard_image-17-1723237887933.png","associationType":"BODY","width":750,"height":65,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtNEFsSmx6?revision=25\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtNEFsSmx6?revision=25","title":"clipboard_image-18-1723237907092.png","associationType":"BODY","width":750,"height":250,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtQTZGbnZF?revision=25\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtQTZGbnZF?revision=25","title":"clipboard_image-19-1723237923657.png","associationType":"BODY","width":750,"height":121,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtSGFDMHZD?revision=25\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtSGFDMHZD?revision=25","title":"clipboard_image-20-1723237944959.png","associationType":"BODY","width":750,"height":64,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtNzd0Mkpj?revision=25\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtNzd0Mkpj?revision=25","title":"clipboard_image-21-1723237965863.png","associationType":"BODY","width":750,"height":39,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtMGo2czVl?revision=25\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtMGo2czVl?revision=25","title":"clipboard_image-22-1723237988574.png","associationType":"BODY","width":750,"height":44,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtUjNKRk5I?revision=25\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtUjNKRk5I?revision=25","title":"clipboard_image-23-1723238004415.png","associationType":"BODY","width":750,"height":42,"altText":""},"TkbTopicMessage:message:310613":{"__typename":"TkbTopicMessage","subject":"F5 Hybrid Security Architectures: Part 3 F5 XC API Protection and NGINX Ingress","conversation":{"__ref":"Conversation:conversation:310613"},"id":"message:310613","revisionNum":25,"uid":310613,"depth":0,"board":{"__ref":"Tkb:board:TechnicalArticles"},"author":{"__ref":"User:user:217018"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":"","introduction":"","metrics":{"__typename":"MessageMetrics","views":5255},"postTime":"2023-03-08T05:00:00.027-08:00","lastPublishTime":"2024-08-15T08:51:09.416-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Here in this example solution, we will be using DevSecOps practices to deploy an AWS Elastic Kubernetes Service (EKS) cluster running the Arcadia Finance test web application serviced by F5 NGINX Ingress Controller for Kubernetes. For protection, will provide API Discovery and Security with F5 Distributed Cloud's Web App and API Protection service. \n Introduction: \n For those of you following along with the F5 Hybrid Security Architectures series, welcome back! If this is your first foray into the series and would like some background, have a look at the intro article. This series is using the F5 Hybrid Security Architectures GitHub repo and CI/CD platform to deploy F5 based hybrid security solutions based on DevSecOps principles. This repo is a community supported effort to provide not only a demo and workshop, but also a stepping stone for utilizing these practices in your own F5 deployments. If you find any bugs or have any enhancement requests, open a issue or better yet contribute! \n API Security: \n APIs are an integral part of our daily routine, facilitating everything from critical to mundane tasks. From banking and ride-sharing apps to the weather updates we check before stepping out, APIs enable these functionalities. Given the sensitive nature of the data that can be exposed by unprotected APIs, the need for effective security cannot be stressed enough. With F5 Distributed Cloud Web App and API protection security teams can discover, inventory, and secure these critical APIs. \n Here in this example solution, we will be using DevSecOps practices to deploy an AWS Elastic Kubernetes Service (EKS) cluster running the Brewz test web application serviced by F5 NGINX Ingress Controller. To secure our application and APIs, we will deploy F5 Distributed Cloud's Web App and API Protection service. This will provide us API Discovery and Security as well as a traditional Web Application Firewall and Malicious User Detection. \n Distributed Cloud WAAP: Available for SaaS-based deployments and provides comprehensive security solutions designed to safeguard web applications and APIs from a wide range of cyber threats. This solution utilizes a distributed cloud architecture, which enables it to provide real-time protection and scale to meet the needs of large enterprises. \n NIGNX Ingress Controller for Kubernetes: A lightweight software solution that helps manage app connectivity at the edge of a Kubernetes cluster by directing requests to the appropriate services and pods. It provides advanced load balancing, routing, identity, and security, as well as montioring and observability features. \n \n XC WAAP + NGINX Ingress Controller Workflow \n GitHub Repo: \n F5 Hybrid Security Architectures \n Prerequisites: \n \n F5 Distributed Cloud Account (F5 XC) \n Create an F5 XC API certificate \n NGINX Ingress Controller license \n AWS Account - Due to the assets being created, free tier will not work. \n Terraform Cloud Account \n GitHub Account \n \n Assets \n \n xc: F5 Distributed Cloud WAAP \n nic: NGINX Ingress Controller \n infra: AWS Infrastructure (VPC, IGW, etc.) \n eks: AWS Elastic Kubernetes Service \n brewz: Brewz SPA test web application \n \n Tools \n \n Cloud Provider: AWS \n Infrastructure as Code: Terraform \n Infrastructure as Code State: Terraform Cloud \n CI/CD: GitHub Actions \n \n Terraform Cloud \n Workspaces: Create a workspace for each asset in the workflow chosen \n \n Workflow: xc-nic \n Workspaces: infra, eks, nic, brewz, xc \n \n Your Terraform Cloud console should resemble the following: \n \n Variable Set: Create a Variable Set with the following values. IMPORTANT: Ensure sensitive values are appropriately marked. \n \n AWS_ACCESS_KEY_ID: Your AWS Access Key ID - Environment Variable \n AWS_SECRET_ACCESS_KEY: Your AWS Secret Access Key - Environment Variable \n AWS_SESSION_TOKEN: Your AWS Session Token - Environment Variable \n VOLT_API_P12_FILE: Your F5 XC API certificate. Set this to api.p12 - Environment Variable \n VES_P12_PASSWORD: Set this to the password you supplied when creating your F5 XC API key - Environment Variable \n nginx_jwt: Your NGINX Java Web Token associated with your NGINX license - Terraform Variable \n ssh_key: Your ssh key for access to created compute assets - Terrraform Variable \n tf_cloud_organization: Your Terraform Cloud Organization name - Terraform Variable \n \n Your Variable Set should resemble the following: \n \n GitHub \n Fork and Clone Repo: F5 Hybrid Security Architectures \n \n ctions Secrets: Create the following GitHub Actions secrets in your forked repo \n \n XC_P12: The base64 encoded F5 XC API certificate \n TF_API_TOKEN: Your Terraform Cloud API token \n TF_CLOUD_ORGANIZATION: Your Terraform Cloud Organization \n TF_CLOUD_WORKSPACE_workspace: Create for each workspace used in your workflow. EX: TF_CLOUD_WORKSPACE_XC would be created with the value xc \n \n Your GitHub Actions Secrets should resemble the following: \n \n Setup Deployment Branch and Terraform Local Variables: \n Step 1: Check out a branch for the deploy workflow using the following naming convention \n xc-nic deployment branch: deploy-xcapi-nic \n \n Step 2: Rename infra/terraform.tfvars.examples to infra/terraform.tfvars and add the following data \n #Global project_prefix = \"Your project identifier\" resource_owner = \"You\" #AWS aws_region = \"Your AWS region\" ex: us-west-1 azs = \"Your AWS availability zones\" ex: [\"us-west-1a\", \"us-west-1b\"] #Assets nic = true nap = false bigip = false bigip-cis = false \n Step 3: Rename xc/terraform.tfvars.examples to xc/terraform.tfvars and add the following data \n #XC Global api_url = \"https://.console.ves.volterra.io/api\" xc_tenant = \"Your XC Tenant Name\" xc_namespace = \"Your XC namespace\" #XC LB app_domain = \"Your App Domain\" #XC WAF xc_waf_blocking = true #XC AI/ML Settings for MUD, APIP - NOTE: Only set if using AI/ML settings from the shared namespace xc_app_type = [] xc_multi_lb = false #XC API Protection and Discovery xc_api_disc = true xc_api_pro = true xc_api_spec = [\"Path to uploaded API spec\"] *See below screen shot for how to obtain this value. #XC Bot Defense xc_bot_def = false #XC DDoS xc_ddos = false #XC Malicious User Detection xc_mud = true \n \n For Path to API Spec navigate to Manage->Files->Swagger Files, click the three dots next to your OAS, and choose \"Copy Latest Version's URL\". Paste this into the xc_api_spec in the xc/terraform.tfvars. \n \n \n Step 4: Modify line 16 in the .gitignore and comment out the *.tfvars line with # and save the file \n \n Step 5: Commit your changes \n \n Deployment: \n Step 1: Push your deploy branch to the forked repo \n \n Step 2: Back in GitHub, navigate to the Actions tab of your forked repo and monitor your build \n \n Step 3: Once the pipeline completes, verify your assets were deployed to AWS and F5 XC \n \n Step 4: Check your Terraform Outputs for XC and verify your app is available by navigating to the FQDN \n \n API Discovery and Security Dashboards: \n After leaving the Brewz test app deployed for a while we can start to see the API graph form. The F5 XC WAAP platform learns the schema structure of the API by analyzing sampled request data, then reverse-engineering the schema to generates an OpenAPI spec. The platform validates what is deploy versus what is discovered and tags any Shadow APIs that are found. \n \n We can also check the dashboards for any attacks that may have occurred while we were waiting for discovery to finish. The internet being what it is, it didn't take long for the platform to protect us against some attacks. \n \n Deployment Teardown: \n Step 1: From your deployment branch check out a branch for the destroy workflow using the following naming convention \n xc-nic destroy branch: destroy-xcapi-nic \n \n Step 2: Push your destroy branch to the forked repo \n \n Step 3: Back in GitHub, navigate to the Actions tab of your forked repo and monitor your build \n \n Step 4: Once the pipeline completes, verify your assets were destroyed \n \n Conclusion: \n In this article we have shown how to utilize the F5 Hybrid Security Architectures GitHub repo and CI/CD pipeline to deploy a tiered security architecture utilizing F5 XC WAAP and NGINX Ingress Controller to protect a test API running in AWS EKS. While the code and security policies deployed are generic and not inclusive of all use-cases, they can be used as a steppingstone for deploying F5 based hybrid architectures in your own environments. \n Workloads are increasingly deployed across multiple diverse environments and application architectures. Organizations need the ability to protect their essential applications regardless of deployment or architecture circumstances. Equally important is the need to deploy these protections with the same flexibility and speed as the apps they protect. With the F5 WAF portfolio, coupled with DevSecOps principles, organizations can deploy and maintain industry-leading security without sacrificing the time to value of their applications. Not only can Edge and Shift Left principles exist together, but they can also work in harmony to provide a more effective security solution. \n \n Article Series: \n F5 Hybrid Security Architectures (Intro - One WAF Engine, Total Flexibility) F5 Hybrid Security Architectures (Part 1 - F5's Distributed Cloud WAF and BIG-IP Advanced WAF) F5 Hybrid Security Architectures (Part 2 - F5's Distributed Cloud WAF and NGINX App Protect WAF) F5 Hybrid Security Architectures (Part 3 - F5 XC API Protection and NGINX Ingress Controller) F5 Hybrid Security Architectures (Part 4 - F5 XC BOT and DDoS Defense and BIG-IP Advanced WAF) F5 Hybrid Security Architectures (Part 5 - F5 XC, BIG-IP APM, CIS, and NGINX Ingress Controller) \n For further information or to get started: \n \n F5 Distributed Cloud Platform (Link) \n F5 Distributed Cloud WAAP Services (Link) \n F5 Distributed Cloud WAAP YouTube series (Link) \n F5 Distributed Cloud WAAP Get Started (Link) \n \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"10223","kudosSumWeight":5,"repliesCount":2,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtWWxTbzYz?revision=25\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDI","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtTmJBUTUx?revision=25\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDM","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtRVI4YkhV?revision=25\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtMWdkaGF4?revision=25\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDU","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtMlpUVFN4?revision=25\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDY","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtZFppZVE0?revision=25\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDc","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtMG96QnJr?revision=25\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDg","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtMFZwMjlR?revision=25\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDk","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtV212dkh2?revision=25\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDEw","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtMTR1aGFP?revision=25\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDEx","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMteDh0TFFQ?revision=25\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDEy","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMteEEwejFv?revision=25\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDEz","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtcjZnV2sz?revision=25\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDE0","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtdWx3UEVx?revision=25\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDE1","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtaFdTTVY1?revision=25\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDE2","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtNEFsSmx6?revision=25\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDE3","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtQTZGbnZF?revision=25\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDE4","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtSGFDMHZD?revision=25\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDE5","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtNzd0Mkpj?revision=25\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDIw","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtMGo2czVl?revision=25\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDIx","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTA2MTMtUjNKRk5I?revision=25\"}"}}],"totalCount":21,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:308118":{"__typename":"Conversation","id":"conversation:308118","topic":{"__typename":"TkbTopicMessage","uid":308118},"lastPostingActivityTime":"2024-08-06T14:06:14.177-07:00","solved":false},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjIxMTNpM0I1MEU5NUNCMTVENTE2MA?revision=30\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjIxMTNpM0I1MEU5NUNCMTVENTE2MA?revision=30","title":"CoverPhoto_0012_tetrebbien-a4hbfGZ4plM-unsplash.jpg","associationType":"COVER","width":1000,"height":1000,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjE5NDNpODI1N0Q5MTg0QUFDRjhERQ?revision=30\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjE5NDNpODI1N0Q5MTg0QUFDRjhERQ?revision=30","title":"Architecture - UC-2-detail (2).jpeg","associationType":"BODY","width":2957,"height":1881,"altText":"Architecture - UC-2-detail (2).jpeg"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjE3MTBpMjhEMUZFNEY5RDdBNkM1NA?revision=30\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjE3MTBpMjhEMUZFNEY5RDdBNkM1NA?revision=30","title":"Screen Shot 2023-01-13 at 2.58.53 PM.png","associationType":"BODY","width":2412,"height":772,"altText":"Screen Shot 2023-01-13 at 2.58.53 PM.png"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjQ1OTVpRUYwNUM1NDc0NTQ2NzVBMQ?revision=30\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjQ1OTVpRUYwNUM1NDc0NTQ2NzVBMQ?revision=30","title":"Screenshot 2023-06-26 at 1.59.11 PM.png","associationType":"BODY","width":1122,"height":634,"altText":"Screenshot 2023-06-26 at 1.59.11 PM.png"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjE3MDBpMTY3MkM0MTM0QkNCM0QyQw?revision=30\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjE3MDBpMTY3MkM0MTM0QkNCM0QyQw?revision=30","title":"fork.png","associationType":"BODY","width":3578,"height":114,"altText":"fork.png"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjQ1OTZpNkNBREUzNEI5MEFCQjY2NA?revision=30\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjQ1OTZpNkNBREUzNEI5MEFCQjY2NA?revision=30","title":"Screenshot 2023-06-26 at 2.28.46 PM.png","associationType":"BODY","width":787,"height":501,"altText":"Screenshot 2023-06-26 at 2.28.46 PM.png"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjE2OTlpMzQ4NkM2QkQ0N0QzMzFCMg?revision=30\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjE2OTlpMzQ4NkM2QkQ0N0QzMzFCMg?revision=30","title":"commit.png","associationType":"BODY","width":2162,"height":136,"altText":"commit.png"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjE4NzFpNzEyRTgxNEFERjIyRDM2Nw?revision=30\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjE4NzFpNzEyRTgxNEFERjIyRDM2Nw?revision=30","title":"Screen Shot 2023-01-18 at 8.14.09 AM.png","associationType":"BODY","width":3210,"height":192,"altText":"Screen Shot 2023-01-18 at 8.14.09 AM.png"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjE4NzJpNDlDODNBQTIxMzIyQzkxOQ?revision=30\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjE4NzJpNDlDODNBQTIxMzIyQzkxOQ?revision=30","title":"Screen Shot 2023-01-18 at 8.37.02 AM.png","associationType":"BODY","width":3218,"height":174,"altText":"Screen Shot 2023-01-18 at 8.37.02 AM.png"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjE3MDFpOTlFRkJFQTM3MjhFNkUzRg?revision=30\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjE3MDFpOTlFRkJFQTM3MjhFNkUzRg?revision=30","title":"Screen Shot 2023-01-13 at 11.57.41 AM.png","associationType":"BODY","width":1716,"height":100,"altText":"Screen Shot 2023-01-13 at 11.57.41 AM.png"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjQxODhpQ0NBMjdCNkU5QTNCM0JGOQ?revision=30\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjQxODhpQ0NBMjdCNkU5QTNCM0JGOQ?revision=30","title":"Screenshot 2023-06-06 at 8.06.02 AM.png","associationType":"BODY","width":2532,"height":126,"altText":"Screenshot 2023-06-06 at 8.06.02 AM.png"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjE4NzhpMjM0MTE2MzNCOTQ2MDUzMw?revision=30\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjE4NzhpMjM0MTE2MzNCOTQ2MDUzMw?revision=30","title":"Screen Shot 2023-01-18 at 9.22.06 AM.png","associationType":"BODY","width":2556,"height":142,"altText":"Screen Shot 2023-01-18 at 9.22.06 AM.png"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjE4NzZpMTIxOEZBOTk2N0ZBNTI3Ng?revision=30\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjE4NzZpMTIxOEZBOTk2N0ZBNTI3Ng?revision=30","title":"Screen Shot 2023-01-18 at 8.57.44 AM.png","associationType":"BODY","width":1154,"height":266,"altText":"Screen Shot 2023-01-18 at 8.57.44 AM.png"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjE4NzNpNjc2Rjg1QkE3RUIwNUVBRQ?revision=30\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjE4NzNpNjc2Rjg1QkE3RUIwNUVBRQ?revision=30","title":"Screen Shot 2023-01-18 at 8.14.48 AM.png","associationType":"BODY","width":3206,"height":184,"altText":"Screen Shot 2023-01-18 at 8.14.48 AM.png"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjE4NzRpNjkxQTVDN0M2MERCQ0Q5NA?revision=30\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjE4NzRpNjkxQTVDN0M2MERCQ0Q5NA?revision=30","title":"Screen Shot 2023-01-18 at 8.38.29 AM.png","associationType":"BODY","width":3214,"height":172,"altText":"Screen Shot 2023-01-18 at 8.38.29 AM.png"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjE3MDNpMjJEMzAwMjc5MzE5MUNBMw?revision=30\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjE3MDNpMjJEMzAwMjc5MzE5MUNBMw?revision=30","title":"Screen Shot 2023-01-13 at 11.57.41 AM.png","associationType":"BODY","width":1716,"height":100,"altText":"Screen Shot 2023-01-13 at 11.57.41 AM.png"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjQxODlpREYyRjg1RDQwQzFBQzFDNw?revision=30\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjQxODlpREYyRjg1RDQwQzFBQzFDNw?revision=30","title":"Screenshot 2023-06-06 at 8.06.32 AM.png","associationType":"BODY","width":2528,"height":106,"altText":"Screenshot 2023-06-06 at 8.06.32 AM.png"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjE4OThpODU0Nzk2MkQ4NTY4QjJBQw?revision=30\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjE4OThpODU0Nzk2MkQ4NTY4QjJBQw?revision=30","title":"Screen Shot 2023-01-18 at 10.42.11 AM.png","associationType":"BODY","width":2560,"height":142,"altText":"Screen Shot 2023-01-18 at 10.42.11 AM.png"},"TkbTopicMessage:message:308118":{"__typename":"TkbTopicMessage","subject":"F5 Hybrid Security Architectures (Part 2 - F5's Distributed Cloud WAF and NGINX App Protect WAF)","conversation":{"__ref":"Conversation:conversation:308118"},"id":"message:308118","revisionNum":30,"uid":308118,"depth":0,"board":{"__ref":"Tkb:board:TechnicalArticles"},"author":{"__ref":"User:user:217018"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" Here in this example solution, we will be using Terraform to deploy an AWS Elastic Kubernetes Service cluster running the Arcadia Finance test web application serviced by F5 NGINX Kubernetes Ingress Controller and protected by NGINX App Protect WAF. We will supplement this with F5 Distributed Cloud Web App and API Protection to provide complimentary security at the edge. Everything will be tied together using GitHub Actions for CI/CD and Terraform Cloud to maintain state. ","introduction":"","metrics":{"__typename":"MessageMetrics","views":5146},"postTime":"2023-01-25T08:00:00.021-08:00","lastPublishTime":"2024-08-06T14:06:14.177-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" \n Introduction: \n For those of you following along with the F5 Hybrid Security Architectures series, welcome back! If this is your first foray into the series and would like some background, have a look at the intro article. This series is using the F5 Hybrid Security Architectures GitHub repo and CI/CD platform to deploy F5 based hybrid security solutions based on DevSecOps principles. This repo is a community supported effort to provide not only a demo and workshop, but also a stepping stone for utilizing these practices in your own F5 deployments. If you find any bugs or have any enhancement requests, open a issue or better yet contribute! \n Here in this example solution, we will be using Terraform to deploy an AWS Elastic Kubernetes Service (EKS) cluster running the Arcadia Finance test web application serviced by F5 NGINX Ingress Controller for Kubernetes and protected by F5 NGINX App Protect WAF and API Protection. We will supplement this with F5 Distributed Cloud Web App and API Protection to provide complimentary security at the edge. Everything will be tied together using GitHub Actions for CI/CD and Terraform Cloud to maintain state. \n Distributed Cloud WAF: Available for SaaS-based deployments in a distributed environment that reduces operational overhead with an optional fully managed service. \n NIGNX App Protect WAF: A lightweight software security solution that provides high-performance, low-latency, and platform-agnostic deployments for modern, microservices-based applications and containers. \n XC WAF + NGINX App Protect WAF Workflow \n GitHub Repo: \n F5 Hybrid Security Architectures \n Prerequisites: \n \n F5 Distributed Cloud Account (F5 XC) \n Create an F5 XC API certificate \n F5 NGINX Plus with NGINX App Protect WAF license \n AWS Account - Due to the assets being created, free tier will not work. \n Terraform Cloud Account \n GitHub Account \n \n Assets \n \n xc: F5 Distributed Cloud WAAP \n nap: NGINX Ingress Controller and NGINX App Protect WAF \n infra: AWS Infrastructure (VPC, IGW, etc.) \n eks: AWS Elastic Kubernetes Service \n arcadia: Arcadia Finance test web application \n \n Tools \n \n Cloud Provider: AWS \n Infrastructure as Code: Terraform \n Infrastructure as Code State: Terraform Cloud \n CI/CD: GitHub Actions \n \n Terraform Cloud \n Workspaces: Create a workspace for each asset in the workflow chosen \n \n \n \n \n Workflow \n Workspaces \n \n \n xc-nap \n infra, eks, nap, arcadia, xc \n \n \n \n \n Workspace Sharing: Under the settings for each Workspace, set the Remote state sharing to share with each Workspace created. \n Your Terraform Cloud console should resemble the following: \n Variable Set: Create a Variable Set with the following values. IMPORTANT: Ensure sensitive values are appropriately marked. \n \n AWS_ACCESS_KEY_ID: Your AWS Access Key ID - Environment Variable \n AWS_SECRET_ACCESS_KEY: Your AWS Secret Access Key - Environment Variable \n AWS_SESSION_TOKEN: Your AWS Session Token - Environment Variable \n VOLT_API_P12_FILE: Your F5 XC API certificate. Set this to api.p12 - Environment Variable \n VES_P12_PASSWORD: Set this to the password you supplied when creating your F5 XC API key - Environment Variable \n nginx_jwt: Your NGINX Java Web Token associated with your NGINX license - Terraform Variable \n ssh_key: Your ssh key for access to created compute assets - Terrraform Variable \n admin_src_addr: The source address of your administrative workstation - Terraform Variable \n tf_cloud_organization: Your Terraform Cloud Organization name - Terraform Variable \n \n Your Variable Set should resemble the following: \n GitHub \n Fork and Clone Repo: F5 Hybrid Security Architectures \n Actions Secrets: Create the following GitHub Actions secrets in your forked repo \n \n P12: The base64 encoded F5 XC API certificate \n TF_API_TOKEN: Your Terraform Cloud API token \n TF_CLOUD_ORGANIZATION: Your Terraform Cloud Organization \n TF_CLOUD_WORKSPACE_workspace: Create for each workspace used in your workflow. EX: TF_CLOUD_WORKSPACE_NAP would be created with the value nap \n \n Your GitHub Actions Secrets should resemble the following: \n Terraform Local Variables: \n Step 1: Rename infra/terraform.tfvars.examples to infra/terraform.tfvars and add the following data \n project_prefix = \"Your project identifier\"\nresource_owner = \"You\"\naws_region = \"Your AWS region\" ex: us-west-1\nazs = \"Your AWS availability zones\" ex: [\"us-west-1a\", \"us-west-1b\"] \n\n#Set the following feature flags for this use case\nnic = false\nnap = true\nbigip = false\nbigip-cis = false \n Step 2: Rename xc/terraform.tfvars.examples to xc/terraform.tfvars and add the following data \n api_url = \"https://<YOUR TENANT>.console.ves.volterra.io/api\"\nxc_tenant = \"Your tenant id available in F5 XC Administration menu\"\nxc_namespace = \"Your XC Namespace\"\napp_domain = \"Your APP FQDN\"\n\n##Set the following feature flags for this usecase.\n\n#XC WAF\nxc_waf_blocking = true\n\n#XC API Protection and Discovery\nxc_api_disc = false\nxc_api_pro = false\nxc_api_spec = []\n\n#XC Bot Defense\nxc_bot_def = false\n\n#XC DDoS\nxc_ddos_pro = false\n\n#XC Malicious User Detection\nxc_mud = false\n\n#XC AI/ML Settings for MUD, APIP - NOTE: Only set if using AI/ML settings from the shared namespace\nxc_app_type = []\nxc_multi_lb = false \n Step 4: Commit your changes \n Deployment Workflow: \n Step 1: Check out a branch for the deploy workflow using the following naming convention \n \n xc-nap deployment branch: deploy-xc-nap \n \n Step 2: Push your deploy branch to the forked repo \n Step 3: Back in GitHub, navigate to the Actions tab of your forked repo and monitor your build \n Step 4: Once the pipeline completes, verify your assets were deployed to AWS and F5 XC \n Step 5: Verify your app is available by navigating to the app domain FQDN you provided in the setup. Note: The autocert process takes time. It may be 5 to 10 minutes before Let's Encrypt has provided the cert \n F5 XC Terraform Outputs: \n Destroy Workflow: \n Step 1: From your main branch, check out a new branch for the destroy workflow using the following naming convention \n \n xc-bigip destroy branch: destroy-xc-nap \n \n Step 2: Push your destroy branch to the forked repo \n \n Step 3: Back in GitHub, navigate to the Actions tab of your forked repo and monitor your workflow \n Step 4: Once the pipeline completes, verify your assets were destroyed \n Conclusion: \n In this article we have shown how to utilize the F5 Hybrid Security Architectures GitHub repo and CI/CD pipeline to deploy a tiered security architecture utilizing F5 XC WAF and NGINX App Protect WAF to protect a test web application running in AWS EKS. We also provided ingress into our EKS cluster with the NGINX Ingress Controller. While the code and security policies deployed are generic and not inclusive of all use-cases, they can be used as a steppingstone for deploying F5 based hybrid architectures in your own environments. \n Workloads are increasingly deployed across multiple diverse environments and application architectures. Organizations need the ability to protect their essential applications regardless of deployment or architecture circumstances. Equally important is the need to deploy these protections with the same flexibility and speed as the apps they protect. With the F5 WAF portfolio, coupled with DevSecOps principles, organizations can deploy and maintain industry-leading security without sacrificing the time to value of their applications. Not only can Edge and Shift Left principles exist together, but they can also work in harmony to provide a more effective security solution. \n \n \n \n \n \n Article Series: \n F5 Hybrid Security Architectures (Intro - One WAF Engine, Total Flexibility) F5 Hybrid Security Architectures (Part 1 - F5's Distributed Cloud WAF and BIG-IP Advanced WAF) F5 Hybrid Security Architectures (Part 2 - F5's Distributed Cloud WAF and NGINX App Protect WAF) F5 Hybrid Security Architectures (Part 3 - F5 XC API Protection and NGINX Ingress Controller) F5 Hybrid Security Architectures (Part 4 - F5 XC BOT and DDoS Defense and BIG-IP Advanced WAF) F5 Hybrid Security Architectures (Part 5 - F5 XC, BIG-IP APM, CIS, and NGINX Ingress Controller) \n For further information or to get started: \n \n F5 Distributed Cloud Platform (Link) \n F5 Distributed Cloud WAAP Services (Link) \n F5 Distributed Cloud WAAP YouTube series (Link) \n F5 Distributed Cloud WAAP Get Started (Link) \n \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"8697","kudosSumWeight":4,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjIxMTNpM0I1MEU5NUNCMTVENTE2MA?revision=30\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDI","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjE5NDNpODI1N0Q5MTg0QUFDRjhERQ?revision=30\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDM","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjE3MTBpMjhEMUZFNEY5RDdBNkM1NA?revision=30\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjQ1OTVpRUYwNUM1NDc0NTQ2NzVBMQ?revision=30\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDU","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjE3MDBpMTY3MkM0MTM0QkNCM0QyQw?revision=30\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDY","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjQ1OTZpNkNBREUzNEI5MEFCQjY2NA?revision=30\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDc","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjE2OTlpMzQ4NkM2QkQ0N0QzMzFCMg?revision=30\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDg","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjE4NzFpNzEyRTgxNEFERjIyRDM2Nw?revision=30\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDk","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjE4NzJpNDlDODNBQTIxMzIyQzkxOQ?revision=30\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDEw","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjE3MDFpOTlFRkJFQTM3MjhFNkUzRg?revision=30\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDEx","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjQxODhpQ0NBMjdCNkU5QTNCM0JGOQ?revision=30\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDEy","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjE4NzhpMjM0MTE2MzNCOTQ2MDUzMw?revision=30\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDEz","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjE4NzZpMTIxOEZBOTk2N0ZBNTI3Ng?revision=30\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDE0","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjE4NzNpNjc2Rjg1QkE3RUIwNUVBRQ?revision=30\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDE1","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjE4NzRpNjkxQTVDN0M2MERCQ0Q5NA?revision=30\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDE2","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjE3MDNpMjJEMzAwMjc5MzE5MUNBMw?revision=30\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDE3","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjQxODlpREYyRjg1RDQwQzFBQzFDNw?revision=30\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDE4","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDgxMTgtMjE4OThpODU0Nzk2MkQ4NTY4QjJBQw?revision=30\"}"}}],"totalCount":18,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[{"__typename":"VideoEdge","cursor":"MHxodHRwczovL3lvdXR1LmJlL1hfN1FSZGZzc0dBfDB8MjU7MjV8fA","node":{"__typename":"AssociatedVideo","videoTag":{"__typename":"VideoTag","vid":"https://youtu.be/X_7QRdfssGA","thumbnail":"https://i.ytimg.com/vi/X_7QRdfssGA/hqdefault.jpg","uploading":false,"height":240,"width":320,"title":null},"videoAssociationType":"INLINE_BODY"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:307248":{"__typename":"Conversation","id":"conversation:307248","topic":{"__typename":"TkbTopicMessage","uid":307248},"lastPostingActivityTime":"2024-08-06T14:05:56.956-07:00","solved":false},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDcyNDgtMjU1MjVpMTJENUVEQTM3RDI0RDVENw?revision=52\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDcyNDgtMjU1MjVpMTJENUVEQTM3RDI0RDVENw?revision=52","title":"DC-Cover_0007_pavel-neznanov-w95Fb7EEcjE-unsplash.jpg","associationType":"COVER","width":500,"height":500,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDcyNDgtMjA0MTJpQ0JCN0FGQjI5MzBFN0VDOQ?revision=52\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDcyNDgtMjA0MTJpQ0JCN0FGQjI5MzBFN0VDOQ?revision=52","title":"f5xclogo.png","associationType":"BODY","width":100,"height":103,"altText":"f5xclogo.png"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDcyNDgtMjE0MjlpQ0FBOUM1MkEyNDFBMUFFQg?revision=52\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDcyNDgtMjE0MjlpQ0FBOUM1MkEyNDFBMUFFQg?revision=52","title":"OneWAFOV-v2.jpg","associationType":"BODY","width":1920,"height":1080,"altText":"OneWAFOV-v2.jpg"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDcyNDgtMjE0MzNpOTE3OUQwMDlFMDNEREZEOA?revision=52\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDcyNDgtMjE0MzNpOTE3OUQwMDlFMDNEREZEOA?revision=52","title":"OneWAF-v2.jpeg","associationType":"BODY","width":3303,"height":2501,"altText":"OneWAF-v2.jpeg"},"TkbTopicMessage:message:307248":{"__typename":"TkbTopicMessage","subject":"F5 Hybrid Security Architectures: One WAF Engine, Total Flexibility (Intro)","conversation":{"__ref":"Conversation:conversation:307248"},"id":"message:307248","revisionNum":52,"uid":307248,"depth":0,"board":{"__ref":"Tkb:board:TechnicalArticles"},"author":{"__ref":"User:user:217018"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" Layered security, we have been told for years that the most effective security strategy is composed of multiple, loosely coupled or independent layers of security controls. A WAF fits snuggly into the technical security controls area and has long been known as an essential piece of application security. What if we take this further and apply the layered approach directly to our WAF deployment? The F5 Hybrid Security Architectures explores this approach utilizing F5's best in class WAF products. ","introduction":"","metrics":{"__typename":"MessageMetrics","views":8410},"postTime":"2023-01-17T08:26:35.354-08:00","lastPublishTime":"2024-08-06T14:05:56.956-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" \n Flexibility and Security: \n When Security engineers and architects think of application security deployments in distributed environments, one of the challenges they face is balancing the rigidity of security with the flexibility that modern applications require. Often while performing this balancing act, we err toward rigidity. Still, when it comes to designing a security strategy focused on protecting as many application architectures as possible, flexibility is critical. As much as these two traits seem at odds with one another, the number of applications deployed by organizations requires them to coexist. \n Unprecedented growth trends are happening in the world of application deployment, including the types of environments. Whether it’s public or private cloud, on-premises, collocated, or at the edge, each application will have a set of standard and individual security needs. All applications require protections for the App and API OWASP Top 10, L3-7 DoS, Fraud and Bot Defense. Additionally, each has specific requirements related to its use case, infrastructure, and language. Your strategy and architecture are going to need to account for this diversity. Doing so should help accomplish or accelerate your security initiatives and may also help you reduce overall total cost due to architectural flexibility. \n \n Learn more about the associated challenges with hybrid and multi-cloud security. \n \n Defense in Depth: \n Layered security, we have been told for years that the most effective security strategy is composed of multiple, loosely coupled or independent layers of security controls. We need to know that if one of our layers fails or is compromised, another layer in the strategy will still provide us with the protection our applications require. A WAF fits snugly into the technical security controls area and has long been known as an essential piece of application security. What if we take this further and apply the layered approach directly to our WAF deployment? Let's look at some of our current WAF deployment strategies and what this layered approach might look like. \n Deploying a scalable, easily managed WAF at the edge allows us to block malicious traffic outside our perimeter. This is where F5's Distributed Cloud WAF fits into the picture. It gives a common security posture for all our applications no matter where they reside in our overall architecture, accounting for some of that environmental diversity we mentioned before. It also provides a foundation for a multi-cloud strategy. Additionally, it has the added value of lowering costs by blocking the traffic before it reaches an area where we incur costs for network usage. This all sounds great, but aren't we also supposed to be shifting security left? \n Integrating security into every stage of the development pipeline and moving security solutions away from the perimeter by placing tailored granular security as close to the application as possible is a key part of shifting left. Products like NGINX App Protect and BIG-IP Advanced WAF are perfect for this type of deployment. Whether it's hardware in the data center, virtual edition in public or private cloud, or a lightweight platform agnostic solution protecting your essential microservices, these products help to shift that security left. This gives the ability to meet the specific security needs of our essential apps, allowing us to account for some of that language and use case diversity. \n Both capabilities are critical to a comprehensive security strategy that meets the needs of the security teams, while providing the flexibility developers require. Luckily, both capabilities are complimentary, not mutually exclusive. We can deploy these without added complexity due to each product having the same core. That core or engine at the heart of all our WAF products is the foundation for this article series. It's what I mean when I say “one WAF engine, total flexibility.” \n One WAF Engine != One WAF \n When we started this project, there was some confusion about what we meant by One WAF Engine. For anyone familiar with the F5 product portfolio, it is plainly apparent we do not have “One WAF”. All these options being available allows us to be more flexible and plays a vital role in this project. So, what is it we mean? \n The engine at the foundation of the entire F5 WAF portfolio is based on the best-in-class efficacy and performance of our BIG-IP based Advanced WAF. This gives application security teams the ability to choose the best deployment option that matches the specific needs of their applications without sacrificing policy familiarity and portability. Organizations can employ: \n \n BIG-IP Advanced WAF, available for on-premises / data center and public or private cloud (virtual edition) deployment, for robust, high-performance web application and API security with granular, self-managed controls. \n F5 NGINX App Protect WAF for a lightweight software security solution that provides high-performance, low-latency, and platform-agnostic deployments for modern, microservices-based applications and containers. \n F5 Distributed Cloud WAF for SaaS-based deployments in a distributed environment that reduces operational overhead with an optional fully managed service. \n \n Each of these products support deployment patterns that both stand on their own and complement each other. The architectures shown in this article series will primarily focus on that complimentary aspect of the portfolio, with occasional forays into the singular deployment pattern. \n DevSecOps: \n No modern security strategy is complete without incorporating DevSecOps practices. Integrating security into the entire software delivery lifecycle is essential for delivering secure applications with speed and quality. This project aims to account for those practices by utilizing F5’s fully supported APIs and tooling. Each architecture will include a GitHub repo with IAC code, examples of integration into a CI/CD pipeline, and telemetry options. \n Resources: \n F5 Hybrid Security Architectures GitHub Repo and Guide \n Article Series: \n F5 Hybrid Security Architectures: One WAF Engine, Total Flexibility (Intro) F5 Hybrid Security Architectures (Part 1 - F5's Distributed Cloud WAF and BIG-IP Advanced WAF) F5 Hybrid Security Architectures (Part 2 - F5's Distributed Cloud WAF and NGINX App Protect WAF) F5 Hybrid Security Architectures (Part 3 - F5 XC API Protection and NGINX Ingress Controller) F5 Hybrid Security Architectures (Part 4 - F5 XC BOT and DDoS Defense and BIG-IP Advanced WAF) F5 Hybrid Security Architectures (Part 5 - F5 XC, BIG-IP APM, CIS, and NGINX Ingress Controller) Minimizing Security Complexity: Managing Distributed WAF Policies \n \n For further information or to get started: \n \n F5 Distributed Cloud Platform (Link) \n F5 Distributed Cloud WAAP Services (Link) \n F5 Distributed Cloud WAAP YouTube series (Link) \n F5 Distributed Cloud WAAP Get Started (Link) \n \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"7291","kudosSumWeight":11,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDcyNDgtMjU1MjVpMTJENUVEQTM3RDI0RDVENw?revision=52\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDI","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDcyNDgtMjA0MTJpQ0JCN0FGQjI5MzBFN0VDOQ?revision=52\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDM","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDcyNDgtMjE0MjlpQ0FBOUM1MkEyNDFBMUFFQg?revision=52\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDcyNDgtMjE0MzNpOTE3OUQwMDlFMDNEREZEOA?revision=52\"}"}}],"totalCount":4,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:321168":{"__typename":"Conversation","id":"conversation:321168","topic":{"__typename":"TkbTopicMessage","uid":321168},"lastPostingActivityTime":"2024-03-15T13:50:39.690-07:00","solved":false},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjExNjgtMjU1MThpMzc3MzY2ODc5MTRDOUJCRA?revision=24\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjExNjgtMjU1MThpMzc3MzY2ODc5MTRDOUJCRA?revision=24","title":"DC-Cover_0009_diego-ph-fIq0tET6llw-unsplash.jpg","associationType":"COVER","width":500,"height":500,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjExNjgtMjU2OTdpRDY3NkQ0N0M1QjE4QkQ4Ng?revision=24\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjExNjgtMjU2OTdpRDY3NkQ0N0M1QjE4QkQ4Ng?revision=24","title":"Screenshot 2023-09-14 at 3.15.20 PM.png","associationType":"BODY","width":1673,"height":552,"altText":"Screenshot 2023-09-14 at 3.15.20 PM.png"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjExNjgtMjU2OTZpQzNEOTI5MEU0NDQ4QUEzQg?revision=24\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjExNjgtMjU2OTZpQzNEOTI5MEU0NDQ4QUEzQg?revision=24","title":"Screenshot 2023-09-14 at 3.08.53 PM.png","associationType":"BODY","width":1678,"height":511,"altText":"Screenshot 2023-09-14 at 3.08.53 PM.png"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjExNjgtMjU2OTRpOERGRjhDQ0Q4Nzc4RkFGQQ?revision=24\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjExNjgtMjU2OTRpOERGRjhDQ0Q4Nzc4RkFGQQ?revision=24","title":"Screenshot 2023-09-14 at 2.56.50 PM.png","associationType":"BODY","width":1440,"height":239,"altText":"Screenshot 2023-09-14 at 2.56.50 PM.png"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjExNjgtMjU2OTJpRUE4MzUzNTlDNEQ3NzhFQQ?revision=24\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjExNjgtMjU2OTJpRUE4MzUzNTlDNEQ3NzhFQQ?revision=24","title":"Screenshot 2023-09-14 at 2.51.04 PM.png","associationType":"BODY","width":933,"height":1153,"altText":"Screenshot 2023-09-14 at 2.51.04 PM.png"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjExNjgtMjU2ODZpMzc4MUREOTkyNkE4ODdDMQ?revision=24\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjExNjgtMjU2ODZpMzc4MUREOTkyNkE4ODdDMQ?revision=24","title":"Screenshot 2023-09-14 at 2.45.34 PM.png","associationType":"BODY","width":620,"height":718,"altText":"Screenshot 2023-09-14 at 2.45.34 PM.png"},"TkbTopicMessage:message:321168":{"__typename":"TkbTopicMessage","subject":"Minimizing Security Complexity: Managing Distributed WAF Policies","conversation":{"__ref":"Conversation:conversation:321168"},"id":"message:321168","revisionNum":24,"uid":321168,"depth":0,"board":{"__ref":"Tkb:board:TechnicalArticles"},"author":{"__ref":"User:user:217018"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" In this article and demo, we'll explore a few best practices and tools available to help organizations maintain robust security postures across their entire WAF infrastructure, and how embracing modern approaches like DevSecOps and the F5 Policy Supervisor and Conversion tools can help overcome the challenges of managing security policies at scale. ","introduction":"","metrics":{"__typename":"MessageMetrics","views":3285},"postTime":"2023-09-17T21:18:59.083-07:00","lastPublishTime":"2024-03-15T13:50:39.690-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" \n Introduction: \n In today's digital landscape, where cyber threats constantly evolve, safeguarding an enterprise's web applications is of paramount importance. However, for security engineers tasked with protecting a large enterprise equipped with a substantial deployment of web application firewalls (WAFs), the task of managing distributed security policies across the entire application landscape presents a significant challenge. Ensuring consistency and coherence, in both the effectiveness and deployment of these policies is essential, yet it's far from straightforward. In this article and demo, we'll explore a few best practices and tools available to help organizations maintain robust security postures across their entire WAF infrastructure, and how embracing modern approaches like DevSecOps and the F5 Policy Supervisor and Conversion tools can help overcome these challenges. \n Security Policy as Code: \n Storing your WAF policies as code within a secure repository is a DevSecOps best practice that extends beyond consistency and tracking. It's also the first step in making security an integral part of the development process, fostering a culture of security throughout the entire software development and delivery lifecycle. This shift-left approach ensures that security concerns are addressed early in the development process, reducing the risk of vulnerabilities and enhancing collaboration between security, development, and operations teams. It enables automation, version control, and rapid response to evolving threats, ultimately resulting in the delivery of secure applications with speed and quality. \n To help facilitate this, the entire F5 security product portfolio supports the ingestion of WAF policy in JSON format. This enables you to store your policies as code in a Git repository and seamlessly reference them during your automation-driven deployments, guaranteeing that every WAF deployment is well-prepared to safeguard your critical applications. \n \"wafPolicy\": {\n \"class\": \"WAF_Policy\",\n \"url\": \"https://raw.githubusercontent.com/knowbase/architectural-octopod/main/awaf/owasp-auto-tune.json\",\n \"enforcementMode\": \"blocking\",\n \"ignoreChanges\": true\n} \n F5 Policy Supervisor: \n Considering the sheer number of WAFs in large enterprises, managing distributed policies can easily overwhelm security teams. Coordinating updates, rule changes, and incident response across the entire application security landscape requires efficient policy lifecycle management tools. Using a centralized management system that provides visibility into the security posture of all WAFs and the state of deployed policies can help streamline these operations. The F5 Policy Supervisor was designed to meet this critical need. \n The Policy Supervisor allows you to easily create, convert, maintain, and deploy WAF polices across all F5 Application Security platforms. With both an easily navigated UI and robust API, the Policy Supervisor tool greatly enhances your ability to easily manage security policies at scale. \n Providers: \n In the context of the Policy Supervisor, providers are remote instances that provide WAF services, such as NGINX App Protect(NAP), BIG-IP Advanced WAF(AWAF), or F5 Distributed Cloud Web App and API Security(XC WAAP). The \"Providers\" section serves as the command center where we oboard of all our WAF instances and gain insight into their status and deployments. For BIG-IP and NGINX we employ agents to perform the onboarding. An agent is a lightweight container that stores secrets in a vault and connects the instances to the SaaS layer. For XC we use an API token, this can easily be generated by navigating to Account > Account Settings > Personal Management > Credentials> Add Credentials in the XC console. Detailed instructions for adding both types of providers are readily accessible during the \"Add Provider\" workflow. \n After successfully onboarding our providers, we can ingest the currently deployed policies and begin managing them on the platform. \n Policies: \n The \"Policies\" section serves as the central hub for overseeing the complete lifecycle of policies onboarded onto the platform. Within this section, we gain access to policy insights, including their current status and the timestamp of their last modification. Selecting a specific policy opens up the \"Policy Details\" panel, offering a comprehensive suite of options. Here, you can edit, convert, deploy, export, or remove the policy, while also accessing essential information regarding policy-related actions and reports detailing those actions. \n The tool additionally features an editor equipped with real-time syntax validation and auto-completion, allowing you to create new or edit existing polices on the fly. \n Policy Deployment: \n Navigating the policy deployment process within the policy supervisor is a seamless and user-friendly experience. To initiate the process select \"Deploy\" from the \"Policy Details\" panel then selecting the source and target or targets. The platform first begins the conversion process to ensure the policy aligns with the features supported by the targets. Following this conversion, you'll receive a detailed report providing you with information on what was and was not converted. Once you've reviewed the conversion results and are satisfied with the outcome, select the endpoints to apply the policy to, and click deploy. That's it, it's that easy. \n \n F5 Policy Conversion Utility: \n The F5 Policy Conversion tool allows you to transform JSON or XML formatted policies from an NGINX or BIG-IP into a format compatible with your desired target - any application security product in the F5 portfolio. This user-friendly tool requires no authentication, offering hassle-free access at https://policysupervisor.io/convert. \n The interface has an intuitive design, simplifying the process: select your source and target types, upload your JSON or XML formatted policy, and with a simple click, initiate the conversion. Upon completion, the tool provides a comprehensive package that includes a detailed report on the conversion process and your newly adapted policies, ready for deployment onto your chosen target. \n Whether you are augmenting a F5 BIG-IP Advanced WAF fleet with F5 XC WAAP at the edge, decomposing a monolithic application and protecting the new microservice with NIGNX App Protect, or augmenting a multi-cloud security strategy with F5 XC WAAP at the edge, the Policy Conversion utility can help ensure you are providing consistent and robust protection across each platform. \n Conclusion: \n Managing security policies across a large WAF footprint is a complex undertaking that requires constant vigilance, adaptability, and coordination. Security engineers must strike a delicate balance between safeguarding applications and ensuring their uninterrupted functionality while also staying ahead of evolving threats and maintaining a consistent security posture across the organization. By harnessing the F5 Policy Supervisor and Conversion tools, coupled with DevSecOps principles, organizations can easily deploy and maintain consistent WAF policies throughout the organization's entire application security footprint. \n Demo: \n \n \n \n \n F5 Hybrid Security Architectures: \n F5 Hybrid Security Architectures (Intro - One WAF Engine, Total Flexibility) F5 Hybrid Security Architectures (Part 1 - F5's Distributed Cloud WAF and BIG-IP Advanced WAF) F5 Hybrid Security Architectures (Part 2 - F5's Distributed Cloud WAF and NGINX App Protect WAF) F5 Hybrid Security Architectures (Part 3 - F5 XC API Protection and NGINX Ingress Controller) F5 Hybrid Security Architectures (Part 4 - F5 XC BOT and DDoS Defense and BIG-IP Advanced WAF) F5 Hybrid Security Architectures (Part 5 - F5 XC, BIG-IP APM, CIS, and NGINX Ingress Controller) \n For further information or to get started: \n \n F5 Policy Supervisor \n Distributed Cloud Platform | F5 \n F5 Distributed Cloud WAAP Services | F5 \n F5 Distributed Cloud WAAP - YouTube Series \n Compare F5 Distributed Cloud Services | F5 \n \n \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"8463","kudosSumWeight":2,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjExNjgtMjU1MThpMzc3MzY2ODc5MTRDOUJCRA?revision=24\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDI","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjExNjgtMjU2OTdpRDY3NkQ0N0M1QjE4QkQ4Ng?revision=24\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDM","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjExNjgtMjU2OTZpQzNEOTI5MEU0NDQ4QUEzQg?revision=24\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjExNjgtMjU2OTRpOERGRjhDQ0Q4Nzc4RkFGQQ?revision=24\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDU","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjExNjgtMjU2OTJpRUE4MzUzNTlDNEQ3NzhFQQ?revision=24\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDY","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjExNjgtMjU2ODZpMzc4MUREOTkyNkE4ODdDMQ?revision=24\"}"}}],"totalCount":6,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[{"__typename":"VideoEdge","cursor":"MHxodHRwczovL3lvdXR1LmJlL2FLYjRXTE1OWDhRP3NpPXZydlVNTV9XUS01c2c3SUl8MHwyNTsyNXx8","node":{"__typename":"AssociatedVideo","videoTag":{"__typename":"VideoTag","vid":"https://youtu.be/aKb4WLMNX8Q?si=vrvUMM_WQ-5sg7II","thumbnail":"https://i.ytimg.com/vi/aKb4WLMNX8Q/hqdefault.jpg","uploading":false,"height":240,"width":320,"title":null},"videoAssociationType":"INLINE_BODY"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:307349":{"__typename":"Conversation","id":"conversation:307349","topic":{"__typename":"TkbTopicMessage","uid":307349},"lastPostingActivityTime":"2023-10-12T12:15:49.137-07:00","solved":false},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjIxMzFpMjk5QURBNkE3Njg0NjRFQg?revision=80\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjIxMzFpMjk5QURBNkE3Njg0NjRFQg?revision=80","title":"CoverPhotos_0029_tim-foster-3wAPJB57w6s-unsplash.jpg","associationType":"COVER","width":1000,"height":1000,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjE1MDNpNTI3Q0Q1OEVFQ0YyREE3OA?revision=80\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjE1MDNpNTI3Q0Q1OEVFQ0YyREE3OA?revision=80","title":"Architecture - UC-1-detail.jpg","associationType":"BODY","width":709,"height":450,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjQ4NTFpNUNFMTQ1MzU1NDBGODA2Ng?revision=80\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjQ4NTFpNUNFMTQ1MzU1NDBGODA2Ng?revision=80","title":"Screenshot 2023-07-06 at 3.45.27 PM.png","associationType":"BODY","width":1359,"height":455,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjE2MzhpNjI3MzI3QjlFNTE5NjU1NQ?revision=80\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjE2MzhpNjI3MzI3QjlFNTE5NjU1NQ?revision=80","title":"Screen Shot 2023-01-13 at 6.26.23 AM.png","associationType":"BODY","width":2268,"height":1258,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjE2NzlpMjBFQkZCN0UxQTU5NkRDMg?revision=80\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjE2NzlpMjBFQkZCN0UxQTU5NkRDMg?revision=80","title":"Screen Shot 2023-01-13 at 2.27.11 PM.png","associationType":"BODY","width":3578,"height":114,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjQ4NTJpOTQxOTM5MTgyQ0ZEOEE1OA?revision=80\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjQ4NTJpOTQxOTM5MTgyQ0ZEOEE1OA?revision=80","title":"Screenshot 2023-07-06 at 3.48.35 PM.png","associationType":"BODY","width":764,"height":503,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjE3NzJpNTU2RkUwMTQwRjI3Rjc1Mw?revision=80\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjE3NzJpNTU2RkUwMTQwRjI3Rjc1Mw?revision=80","title":"Screen Shot 2023-01-17 at 8.07.35 AM.png","associationType":"BODY","width":3312,"height":242,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjE3NzVpQ0VBQUYzMzc3MTM0MTZFMw?revision=80\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjE3NzVpQ0VBQUYzMzc3MTM0MTZFMw?revision=80","title":"Screen Shot 2023-01-17 at 8.11.37 AM.png","associationType":"BODY","width":3246,"height":198,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjE3NzZpRjc0NEFEMTkwQzNGOEMxNQ?revision=80\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjE3NzZpRjc0NEFEMTkwQzNGOEMxNQ?revision=80","title":"Screen Shot 2023-01-17 at 8.12.17 AM.png","associationType":"BODY","width":3244,"height":194,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjE2NTNpMDJCOUNDOTBENTI1REY3NA?revision=80\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjE2NTNpMDJCOUNDOTBENTI1REY3NA?revision=80","title":"Screen Shot 2023-01-13 at 11.57.41 AM.png","associationType":"BODY","width":1716,"height":100,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjQ4NTNpOTgxRDgwODBCN0IyMzA2RQ?revision=80\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjQ4NTNpOTgxRDgwODBCN0IyMzA2RQ?revision=80","title":"Screenshot 2023-07-06 at 4.01.27 PM.png","associationType":"BODY","width":1468,"height":80,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjE3OTZpOUFBOTQ1RjdEODU0N0FGRg?revision=80\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjE3OTZpOUFBOTQ1RjdEODU0N0FGRg?revision=80","title":"Screen Shot 2023-01-17 at 1.43.38 PM.png","associationType":"BODY","width":1302,"height":358,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjE4MDFpODhGNEFENDUxM0M1RjczQw?revision=80\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjE4MDFpODhGNEFENDUxM0M1RjczQw?revision=80","title":"Screen Shot 2023-01-17 at 1.45.18 PM.png","associationType":"BODY","width":2558,"height":140,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjE4NzVpMTc4MjNFRTFFRTgzQzU0OQ?revision=80\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjE4NzVpMTc4MjNFRTFFRTgzQzU0OQ?revision=80","title":"Screen Shot 2023-01-18 at 8.48.15 AM.png","associationType":"BODY","width":1176,"height":260,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjE3NzdpMkJCMkNCMzdBNkYyNEQ5Qg?revision=80\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjE3NzdpMkJCMkNCMzdBNkYyNEQ5Qg?revision=80","title":"Screen Shot 2023-01-17 at 8.11.58 AM.png","associationType":"BODY","width":3242,"height":192,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjE3NzhpM0ZGQkM3RjFDQjQ3MDYxRA?revision=80\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjE3NzhpM0ZGQkM3RjFDQjQ3MDYxRA?revision=80","title":"Screen Shot 2023-01-17 at 8.14.14 AM.png","associationType":"BODY","width":3236,"height":188,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjQ4NTRpMjAzRkI2REYyRUIwQjhBMQ?revision=80\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjQ4NTRpMjAzRkI2REYyRUIwQjhBMQ?revision=80","title":"Screenshot 2023-07-06 at 4.02.42 PM.png","associationType":"BODY","width":1223,"height":68,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjE4MDBpMDAwN0YwNTlDNDQ3NjkzNA?revision=80\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjE4MDBpMDAwN0YwNTlDNDQ3NjkzNA?revision=80","title":"Screen Shot 2023-01-17 at 1.47.44 PM.png","associationType":"BODY","width":2560,"height":134,"altText":null},"TkbTopicMessage:message:307349":{"__typename":"TkbTopicMessage","subject":"F5 Hybrid Security Architectures (Part 1 - F5's Distributed Cloud WAF and BIG-IP Advanced WAF)","conversation":{"__ref":"Conversation:conversation:307349"},"id":"message:307349","revisionNum":80,"uid":307349,"depth":0,"board":{"__ref":"Tkb:board:TechnicalArticles"},"author":{"__ref":"User:user:217018"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" Here in our first example solution, we will be using Terraform to deploy an application server running the OWASP Juice Shop application serviced by a F5 BIG-IP Advanced WAF Virtual Edition. We will supplement this with F5 Distributed Cloud Web App and API Protection to provide complimentary security at the edge. Everything will be tied together using GitHub Actions for CI/CD and Terraform Cloud to maintain state. ","introduction":"","metrics":{"__typename":"MessageMetrics","views":6653},"postTime":"2023-01-18T09:33:25.948-08:00","lastPublishTime":"2023-10-12T12:15:49.137-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Introduction \n For those of you following along with the F5 Hybrid Security Architectures series, welcome back! If this is your first foray into the series and would like some background, have a look at the intro article. This series is using the F5 Hybrid Security Architectures GitHub repo and CI/CD platform to deploy F5 based hybrid security solutions based on DevSecOps principles. This repo is a community-supported effort to provide not only a demo and workshop, but also a stepping stone for using these practices in your own F5 deployments. If you find any bugs or have any enhancement requests, open an issue, or better yet, contribute! \n Here in our first example solution, we will be using Terraform to deploy an application server running the OWASP Juice Shop application serviced by a F5 BIG-IP Advanced WAF Virtual Edition. We will supplement this with F5 Distributed Cloud Web App and API Protection to provide complimentary security at the edge. Everything will be tied together using GitHub Actions for CI/CD and Terraform Cloud to maintain state. \n Distributed Cloud WAF: Available for SaaS-based deployments in a distributed environment that reduces operational overhead with an optional fully managed service. \n BIG-IP Advanced WAF: Available for on-premises / data center and public or private cloud (virtual edition) deployment, for robust, high-performance web application, and API security with granular, self-managed controls. \n \n XC WAF + BIG-IP Advanced WAF Workflow \n GitHub Repo: \n F5 Hybrid Security Architectures \n Prerequisites: \n \n F5 Distributed Cloud Account (F5 XC) \n Create an F5 XC API certificate \n AWS Account — Due to the assets being created, a free tier will not work. NOTE: You must be subscribed to the F5 BIG-IP AMI being used in the AWS Marketplace. \n Terraform Cloud Account \n GitHub Account \n \n Assets: \n \n xc: F5 Distributed Cloud WAAP \n bigip-base: F5 BIG-IP Base deployment \n bigip-awaf: F5 BIG-IP Advanced WAF config \n infra: AWS Infrastructure (VPC, IGW, etc.) \n juiceshop: OWASP Juice Shop test web application \n \n Tools: \n \n Cloud Provider: AWS \n Infrastructure as Code: Terraform \n Infrastructure as Code State: Terraform Cloud \n CI/CD: GitHub Actions \n \n Terraform Cloud: \n Workspaces: Create a workspace for each asset in the workflow chosen \n \n \n \n Workflow \n Workspaces \n \n \n xc-bigip \n infra, bigip-base, bigip-awaf, juiceshop, xc \n \n \n \n Workspace Sharing: Under the settings for each Workspace, set the Remote state sharing to share with each Workspace created. \n Your Terraform Cloud console should resemble the following: \n \n Variable Set: Create a Variable Set with the following values. IMPORTANT: Ensure sensitive values are appropriately marked. \n \n AWS_ACCESS_KEY_ID: Your AWS Access Key ID - Environment Variable \n AWS_SECRET_ACCESS_KEY: Your AWS Secret Access Key - Environment Variable \n AWS_SESSION_TOKEN: Your AWS Session Token - Environment Variable \n VOLT_API_P12_FILE: Your F5 XC API certificate. Set this to api.p12 - Environment Variable \n VES_P12_PASSWORD: Set this to the password you supplied when creating your F5 XC API key. - Environment Variable \n ssh_key: Your ssh key for access to created BIG-IP and compute assets. - Terrraform Variable \n admin_src_addr: The source address of your administrative workstation. - Terraform Variable Environment Variable \n tf_cloud_organization: Your Terraform Cloud Organization name - Terraform Variable \n \n Your Variable Set should resemble the following: \n \n GitHub: \n Fork and Clone Repo: F5 Hybrid Security Architectures \n Actions Secrets: Create the following GitHub Actions secrets in your forked repo \n \n P12: The base64 encoded F5 XC API certificate \n TF_API_TOKEN: Your Terraform Cloud API token \n TF_CLOUD_ORGANIZATION: Your Terraform Cloud Organization \n TF_CLOUD_WORKSPACE_workspace: Create for each workspace used in your workflow. EX: TF_CLOUD_WORKSPACE_BIGIP_BASE would be created with the value bigip-base \n \n Your GitHub Actions Secrets should resemble the following: \n \n \n Terraform Local Variables: \n Step 1: Rename infra/terraform.tfvars.examples to infra/terraform.tfvars and add the following data \n project_prefix = \"Your project identifier\"\nresource_owner = \"You\"\naws_region = \"Your AWS region\" ex: us-west-1\nazs = \"Your AWS availability zones\" ex: [\"us-west-1a\", \"us-west-1b\"] \n\n#Assets\nnic = false\nnap = false\nbigip = true\nbigip-cis = false \n \n Step 2: Rename bigip-base/terraform.tfvars.examples to bigip-base/terraform.tfvars and add the following data \n f5_ami_search_name = \"F5 BIGIP-16.1.3* PAYG-Adv WAF Plus 25Mbps*\"\naws_secretmanager_auth = false\n\n#Provisioning set to nominal or none\nasm = \"nominal\"\napm = \"none\" \n Step 3: Rename bigip-awaf/terraform.tfvars.examples to bigip-awaf/terraform.tfvars and add the following data \n awaf_config_payload = \"awaf-config.json\" \n Step 4: Rename xc/terraform.tfvars.examples to xc/terraform.tfvars and add the following data \n api_url = \"https://<YOUR TENANT>.console.ves.volterra.io/api\"\nxc_tenant = \"Your tenant id available in F5 XC Administration section Tenant Overview\"\nxc_namespace = \"Your XC Namespace\"\napp_domain = \"Your APP FQDN\"\nxc_waf_blocking = true \n \n Step 4: Commit your changes \n \n \n Deployment Workflow: \n Step 1: Check out a branch for the deploy workflow using the following naming convention \n \n xc-bigip deployment branch: deploy-xc-bigip \n \n \n Step 2: Push your deploy branch to the forked repo \n \n Step 3: Back in GitHub, navigate to the Actions tab of your forked repo and monitor your build \n \n \n Step 4: Once the pipeline completes, verify your assets were deployed to AWS and F5 XC Note: Check the terraform outputs of the bigip-base job for the randomly generated password for BIG-IP GUI access \n F5 BIG-IP Terraform Outputs: \n \n Step 5: Verify your app is available by navigating to the app domain FQDN you provided in the setup. Note: The autocert process takes time. It may be 5 to 10 minutes before Let's Encrypt has provided the cert \n \n F5 XC Terraform Outputs: \n \n Destroy Workflow: \n Step 1: From your main branch, check out a new branch for the destroy workflow using the following naming convention \n \n xc-bigip destroy branch: destroy-xc-bigip \n \n \n Step 2: Push your destroy branch to the forked repo \n \n Step 3: Back in GitHub, navigate to the Actions tab of your forked repo and monitor your workflow \n \n \n Step 4: Once the pipeline completes, verify your assets were destroyed in AWS and F5 XC \n \n Conclusion \n In this article, we have shown how to utilize the F5 Hybrid Security Architectures GitHub repo and CI/CD pipeline to deploy a tiered security architecture utilizing F5 XC WAF and BIG-IP Advanced WAF to protect a test web application. While the code and security policies deployed are generic and not inclusive of all use-cases, they can be used as a steppingstone for deploying F5 based hybrid architectures in your own environments. \n Workloads are increasingly deployed across multiple diverse environments and application architectures. Organizations need the ability to protect their essential applications regardless of deployment or architecture circumstances. Equally important is the need to deploy these protections with the same flexibility and speed as the apps they protect. With the F5 WAF portfolio, coupled with DevSecOps principles, organizations can deploy and maintain industry-leading security without sacrificing the time to value of their applications. Not only can Edge and Shift Left principles exist together, but they can also work in harmony to provide a more effective security solution. \n \n Article Series: \n F5 Hybrid Security Architectures (Intro - One WAF Engine, Total Flexibility) F5 Hybrid Security Architectures (Part 1 - F5's Distributed Cloud WAF and BIG-IP Advanced WAF) F5 Hybrid Security Architectures (Part 2 - F5's Distributed Cloud WAF and NGINX App Protect WAF) F5 Hybrid Security Architectures (Part 3 - F5 XC API Protection and NGINX Ingress Controller) F5 Hybrid Security Architectures (Part 4 - F5 XC BOT and DDoS Defense and BIG-IP Advanced WAF) F5 Hybrid Security Architectures (Part 5 - F5 XC, BIG-IP APM, CIS, and NGINX Ingress Controller) \n For further information or to get started: \n \n F5 Distributed Cloud Platform \n F5 Distributed Cloud WAAP Services \n F5 Distributed Cloud WAAP YouTube series \n F5 Distributed Cloud WAAP Get Started \n \n \n \n \n \n \\ ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"8765","kudosSumWeight":4,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjIxMzFpMjk5QURBNkE3Njg0NjRFQg?revision=80\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDI","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjE1MDNpNTI3Q0Q1OEVFQ0YyREE3OA?revision=80\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDM","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjQ4NTFpNUNFMTQ1MzU1NDBGODA2Ng?revision=80\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjE2MzhpNjI3MzI3QjlFNTE5NjU1NQ?revision=80\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDU","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjE2NzlpMjBFQkZCN0UxQTU5NkRDMg?revision=80\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDY","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjQ4NTJpOTQxOTM5MTgyQ0ZEOEE1OA?revision=80\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDc","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjE3NzJpNTU2RkUwMTQwRjI3Rjc1Mw?revision=80\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDg","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjE3NzVpQ0VBQUYzMzc3MTM0MTZFMw?revision=80\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDk","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjE3NzZpRjc0NEFEMTkwQzNGOEMxNQ?revision=80\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDEw","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjE2NTNpMDJCOUNDOTBENTI1REY3NA?revision=80\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDEx","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjQ4NTNpOTgxRDgwODBCN0IyMzA2RQ?revision=80\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDEy","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjE3OTZpOUFBOTQ1RjdEODU0N0FGRg?revision=80\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDEz","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjE4MDFpODhGNEFENDUxM0M1RjczQw?revision=80\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDE0","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjE4NzVpMTc4MjNFRTFFRTgzQzU0OQ?revision=80\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDE1","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjE3NzdpMkJCMkNCMzdBNkYyNEQ5Qg?revision=80\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDE2","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjE3NzhpM0ZGQkM3RjFDQjQ3MDYxRA?revision=80\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDE3","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjQ4NTRpMjAzRkI2REYyRUIwQjhBMQ?revision=80\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDE4","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDczNDktMjE4MDBpMDAwN0YwNTlDNDQ3NjkzNA?revision=80\"}"}}],"totalCount":18,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[{"__typename":"VideoEdge","cursor":"MHxodHRwczovL3lvdXR1LmJlL0otQUQ5M2tsZjA0fDB8MjU7MjV8fA","node":{"__typename":"AssociatedVideo","videoTag":{"__typename":"VideoTag","vid":"https://youtu.be/J-AD93klf04","thumbnail":"https://i.ytimg.com/vi/J-AD93klf04/hqdefault.jpg","uploading":false,"height":113,"width":200,"title":null},"videoAssociationType":"INLINE_BODY"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:320168":{"__typename":"Conversation","id":"conversation:320168","topic":{"__typename":"TkbTopicMessage","uid":320168},"lastPostingActivityTime":"2023-09-22T21:12:29.780-07:00","solved":false},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjU0MTdpN0Q1QzVGNzI0N0REQzYxNA?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjU0MTdpN0Q1QzVGNzI0N0REQzYxNA?revision=10","title":"UC-5.jpg","associationType":"BODY","width":1280,"height":720,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjU0MDRpQjQ4NTI2RDE1MkIzMUJBRg?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjU0MDRpQjQ4NTI2RDE1MkIzMUJBRg?revision=10","title":"Screenshot 2023-08-21 at 11.25.15 AM.png","associationType":"BODY","width":1118,"height":625,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjQ1ODdpODZCOEI1QjY5NzlCM0U4QQ?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjQ1ODdpODZCOEI1QjY5NzlCM0U4QQ?revision=10","title":"Screenshot 2023-06-26 at 1.59.11 PM.png","associationType":"BODY","width":1122,"height":634,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjI2MDVpOUE1NEY3M0VCQjk4NjdEQg?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjI2MDVpOUE1NEY3M0VCQjk4NjdEQg?revision=10","title":"Cameron_Delano_0-1676993990907.png","associationType":"BODY","width":999,"height":32,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjU0MDVpQzY0OUJCOEM2RTUzMTZGNw?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjU0MDVpQzY0OUJCOEM2RTUzMTZGNw?revision=10","title":"Screenshot 2023-08-21 at 11.32.45 AM.png","associationType":"BODY","width":774,"height":706,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjU0MDZpOEUxQzNERDg3RDY4MzJBNA?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjU0MDZpOEUxQzNERDg3RDY4MzJBNA?revision=10","title":"Screenshot 2023-08-21 at 11.37.36 AM.png","associationType":"BODY","width":1261,"height":61,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjU0MTRpRDlEOTAwREYzNjYxRkM0RQ?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjU0MTRpRDlEOTAwREYzNjYxRkM0RQ?revision=10","title":"Screenshot 2023-08-21 at 12.09.12 PM.png","associationType":"BODY","width":1325,"height":105,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjU0MTVpNkQyMkZDNTJENDYyNUVGQg?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjU0MTVpNkQyMkZDNTJENDYyNUVGQg?revision=10","title":"Screenshot 2023-08-21 at 11.58.36 AM.png","associationType":"BODY","width":1443,"height":386,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjQ1ODlpMzIxRUQwODgwOEFENTcwMQ?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjQ1ODlpMzIxRUQwODgwOEFENTcwMQ?revision=10","title":"Screenshot 2023-06-26 at 2.07.20 PM.png","associationType":"BODY","width":1512,"height":215,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjI2MTNpQ0JFMDMwRTQ4MTUzOUZDMw?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjI2MTNpQ0JFMDMwRTQ4MTUzOUZDMw?revision=10","title":"Screenshot 2023-02-21 at 8.14.58 AM.png","associationType":"BODY","width":1736,"height":100,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjU0MDhpM0M2NkVDRkRDOUQxRkUwRA?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjU0MDhpM0M2NkVDRkRDOUQxRkUwRA?revision=10","title":"Screenshot 2023-08-21 at 11.45.28 AM.png","associationType":"BODY","width":1265,"height":36,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjU0MDlpQ0U1MUU5MENEMjAxNEI0Qg?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjU0MDlpQ0U1MUU5MENEMjAxNEI0Qg?revision=10","title":"Screenshot 2023-08-21 at 11.45.28 AM.png","associationType":"BODY","width":1265,"height":36,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjI2MTVpNzBENjhBMkZCQkI0NzIxMA?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjI2MTVpNzBENjhBMkZCQkI0NzIxMA?revision=10","title":"Cameron_Delano_1-1676996401432.png","associationType":"BODY","width":995,"height":58,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjU0MDdpMkY3QzJFNUEzREUxREEyMw?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjU0MDdpMkY3QzJFNUEzREUxREEyMw?revision=10","title":"Screenshot 2023-08-21 at 11.43.51 AM.png","associationType":"BODY","width":1198,"height":295,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjU0MTBpRjM4NjA4ODkyNjA3REZFMg?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjU0MTBpRjM4NjA4ODkyNjA3REZFMg?revision=10","title":"Screenshot 2023-08-21 at 11.48.38 AM.png","associationType":"BODY","width":1194,"height":60,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjQ1OTJpODkxMUFGMUZFNzhFQkZBMQ?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjQ1OTJpODkxMUFGMUZFNzhFQkZBMQ?revision=10","title":"Screenshot 2023-06-26 at 2.17.31 PM.png","associationType":"BODY","width":1123,"height":145,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjQ1OTNpM0Y5ODAxRkI3QTAyNDBERQ?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjQ1OTNpM0Y5ODAxRkI3QTAyNDBERQ?revision=10","title":"Screenshot 2023-06-26 at 2.19.56 PM.png","associationType":"BODY","width":1587,"height":530,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjU0MTJpRDQwNEZDNTg3MkJEOTU2OA?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjU0MTJpRDQwNEZDNTg3MkJEOTU2OA?revision=10","title":"Screenshot 2023-08-21 at 11.52.44 AM.png","associationType":"BODY","width":1263,"height":68,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjU0MTNpMzQyM0RFNTUwNTQ5NjQzNg?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjU0MTNpMzQyM0RFNTUwNTQ5NjQzNg?revision=10","title":"Screenshot 2023-08-21 at 11.56.49 AM.png","associationType":"BODY","width":1271,"height":41,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjU0MTZpOEI4MURDODM3QkYxQ0U1MQ?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjU0MTZpOEI4MURDODM3QkYxQ0U1MQ?revision=10","title":"Screenshot 2023-08-21 at 12.13.37 PM.png","associationType":"BODY","width":1207,"height":347,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjU0MTFpNjVDQTA3RjFEMTlGRDhCQQ?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjU0MTFpNjVDQTA3RjFEMTlGRDhCQQ?revision=10","title":"Screenshot 2023-08-21 at 11.51.17 AM.png","associationType":"BODY","width":1191,"height":64,"altText":null},"TkbTopicMessage:message:320168":{"__typename":"TkbTopicMessage","subject":"F5 Hybrid Security Architectures (Part 5 - F5 XC, BIG-IP APM, CIS, and NGINX Ingress Controller)","conversation":{"__ref":"Conversation:conversation:320168"},"id":"message:320168","revisionNum":10,"uid":320168,"depth":0,"board":{"__ref":"Tkb:board:TechnicalArticles"},"author":{"__ref":"User:user:217018"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" Here in this example solution, we will be using DevSecOps practices to deploy an AWS Elastic Kubernetes Service (EKS) cluster running the Brewz test web application serviced by F5 NGINX Ingress Controller. To secure our application and APIs, we will deploy F5 Distributed Cloud's Web App and API Protection service as well as F5 BIG-IP Access Policy Manger and Advanced WAF. We will then use F5 Container Ingress Service and IngressLink to tie it all together. ","introduction":"","metrics":{"__typename":"MessageMetrics","views":1766},"postTime":"2023-09-11T05:00:00.059-07:00","lastPublishTime":"2023-09-22T21:12:29.780-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" \n Introduction: \n For those of you following along with the F5 Hybrid Security Architectures series, welcome back! If this is your first foray into the series and would like some background, have a look at the intro article. This series is using the F5 Hybrid Security Architectures GitHub repo and CI/CD platform to deploy F5 based hybrid security solutions based on DevSecOps principles. This repo is a community supported effort to provide not only a demo and workshop, but also a stepping stone for utilizing these practices in your own F5 deployments. If you find any bugs or have any enhancement requests, open a issue or better yet contribute! \n Use Case: \n Here in this example solution, we will be using DevSecOps practices to deploy an AWS Elastic Kubernetes Service (EKS) cluster running the Brewz test web application serviced by F5 NGINX Ingress Controller. To secure our application and APIs, we will deploy F5 Distributed Cloud's Web App and API Protection service as well as F5 BIG-IP Access Policy Manger and Advanced WAF. We will then use F5 Container Ingress Service and IngressLink to tie it all together. \n Distributed Cloud WAAP: Available for SaaS-based deployments and provides comprehensive security solutions designed to safeguard web applications and APIs from a wide range of cyber threats. \n BIG-IP Access Policy Manager(APM) and Advanced WAF: Available for on-premises / data center and public or private cloud (virtual edition) deployment, for robust, high-performance web application and API security with granular, self-managed controls. \n BIG-IP Container Ingress Services: A container integration solution that helps developers and system teams manage Ingress HTTP routing, load-balancing, and application services in container deployments. \n F5 IngressLink: Combines BIG-IP, Container Ingress Services (CIS), and NGINX Ingress Controller to deliver unified app services for fast-changing, modern applications in Kubernetes environments. \n NIGNX Ingress Controller for Kubernetes: A lightweight software solution that helps manage app connectivity at the edge of a Kubernetes cluster by directing requests to the appropriate services and pods. \n \n XC WAAP + BIG-IP Access Policy Manager + F5 Container Ingress Services + NGINX Ingress Controller Workflow \n GitHub Repo: \n F5 Hybrid Security Architectures \n Prerequisites: \n \n F5 Distributed Cloud Account (F5 XC) \n Create an F5 XC API certificate \n NGINX Ingress Controller license \n AWS Account - Due to the assets being created, free tier will not work. NOTE: You must be subscribed to the F5 BIG-IP AMI being used in the AWS Marketplace. \n Terraform Cloud Account \n GitHub Account \n \n Assets \n \n xc: F5 Distributed Cloud WAAP \n nic: NGINX Ingress Controller \n bigip-base: F5 BIG-IP Base deployment \n bigip-cis: F5 Container Ingress Services \n infra: AWS Infrastructure (VPC, IGW, etc.) \n eks: AWS Elastic Kubernetes Service \n brewz: Brewz SPA test web application \n \n Tools \n \n Cloud Provider: AWS \n Infrastructure as Code: Terraform \n Infrastructure as Code State: Terraform Cloud \n CI/CD: GitHub Actions \n \n Terraform Cloud \n Workspaces: Create a workspace for each asset in the workflow chosen \n \n \n \n Workflow \n Workspaces \n \n \n xcbn-cis \n infra, bigip-base, bigip-cis, eks, nic, brewz, xc \n \n \n \n Your Terraform Cloud console should resemble the following: \n \n Variable Set: Create a Variable Set with the following values. IMPORTANT: Ensure sensitive values are appropriately marked. \n \n AWS_ACCESS_KEY_ID: Your AWS Access Key ID - Environment Variable \n AWS_SECRET_ACCESS_KEY: Your AWS Secret Access Key - Environment Variable \n AWS_SESSION_TOKEN: Your AWS Session Token - Environment Variable \n VOLT_API_P12_FILE: Your F5 XC API certificate. Set this to api.p12 - Environment Variable \n VES_P12_PASSWORD: Set this to the password you supplied when creating your F5 XC API key - Environment Variable \n nginx_jwt: Your NGINX Java Web Token associated with your NGINX license - Terraform Variable \n tf_cloud_organization: Your Terraform Cloud Organization name - Terraform Variable \n \n Your Variable Set should resemble the following: \n \n GitHub \n Fork and Clone Repo: F5 Hybrid Security Architectures \n \n Actions Secrets: Create the following GitHub Actions secrets in your forked repo \n \n XC_P12: The base64 encoded F5 XC API certificate \n TF_API_TOKEN: Your Terraform Cloud API token \n TF_CLOUD_ORGANIZATION: Your Terraform Cloud Organization \n TF_CLOUD_WORKSPACE_workspace: Create for each workspace used in your workflow. EX: TF_CLOUD_WORKSPACE_XC would be created with the value xc \n \n Your GitHub Actions Secrets should resemble the following: \n \n Setup Deployment Branch and Terraform Local Variables: \n Step 1: Check out a branch for the deploy workflow using the following naming convention \n xcbn-cis deployment branch: deploy-xcbn-cis \n Step 2: Upload the Brewz OAS file to XC * From the side menue under Manage, navigate to Files->Swagger Files and choose Add Swagger File \n \n * Upload Brewz OAS file from the repo f5-hybrid-security-architectures/brewz/brewz-oas.yaml \n \n Step 3: Rename infra/terraform.tfvars.examples to infra/terraform.tfvars and add the following data \n \n #Global\nproject_prefix = \"Your project identifier\"\nresource_owner = \"You\"\n\n#AWS\naws_region = \"Your AWS region\" ex: us-west-1\nazs = \"Your AWS availability zones\" ex: [\"us-west-1a\", \"us-west-1b\"] \n\n#Assets\nnic = true\nnap = false\nbigip = true\nbigip-cis = true \n \n Step 4: Rename xc/terraform.tfvars.examples to xc/terraform.tfvars and add the following data \n \n #XC Global\napi_url = \"https://<Your Tenant>.console.ves.volterra.io/api\"\nxc_tenant = \"Your XC Tenant ID\"\nxc_namespace = \"Your XC namespace\"\n\n#XC LB\napp_domain = \"Your App Domain\"\n\n#XC WAF\nxc_waf_blocking = true\n\n#XC AI/ML Settings for MUD, APIP - NOTE: Only set if using AI/ML settings from the shared namespace\nxc_app_type = []\nxc_multi_lb = false\n\n#XC API Protection and Discovery\nxc_api_disc = true\nxc_api_pro = true\nxc_api_spec = [\"Path to uploaded API spec\"] *See below screen shot for how to obtain this value.\n\n#XC Bot Defense\nxc_bot_def = false\n\n#XC DDoS\nxc_ddos = false\n\n#XC Malicious User Detection\nxc_mud = false \n \n * For Path to API Spec navigate to Manage->Files->Swagger Files, click the three dots next to your OAS, and choose \"Copy Latest Version's URL\". Paste this into the xc_api_spec in the xc/terraform.tfvars. \n \n Step 5: Modify line 16 in the .gitignore and comment out the *.tfvars line with # and save the file \n \n Step 6: Commit your changes \n Deployment: \n Step 1: Push your deploy branch to the forked repo \n \n Step 2: Back in GitHub, navigate to the Actions tab of your forked repo and monitor your build \n \n \n Step 3: Once the pipeline completes, verify your assets were deployed to AWS and F5 XC \n \n Step 4: Check your Terraform Outputs for XC and verify your app is available by navigating to the FQDN \n \n Step 5: Configure F5 APM and Advanced WAF following the guide here. \n API Discovery: \n The F5 XC WAAP platform learns the schema structure of the API by analyzing sampled request data, then reverse-engineering the schema to generates an OpenAPI spec. The platform validates what is deploy versus what is discovered and tags any Shadow APIs that are found. We can then download the learned schema and use it to augment our BIG-IP APM API protection configuration. \n \n Deployment Teardown: \n Step 1: From your deployment branch check out a branch for the destroy workflow using the following naming convention \n xcbn-cis destroy branch: destroy-xcbn-cis \n \n Step 2: Push your destroy branch to the forked repo \n \n Step 3: Back in GitHub, navigate to the Actions tab of your forked repo and monitor your build \n \n \n Step 4: Once the pipeline completes, verify your assets were destroyed \n \n \n \n \n \n Conclusion: \n In this article we have shown how to utilize the F5 Hybrid Security Architectures GitHub repo and CI/CD pipeline to deploy a tiered security architecture utilizing F5 XC WAAP, F5 BIG-IP, and NGINX Ingress Controller to protect a test API running in AWS EKS. While the code and security policies deployed are generic and not inclusive of all use-cases, they can be used as a steppingstone for deploying F5 based hybrid architectures in your own environments. \n Workloads are increasingly deployed across multiple diverse environments and application architectures. Organizations need the ability to protect their essential applications regardless of deployment or architecture circumstances. Equally important is the need to deploy these protections with the same flexibility and speed as the apps they protect. With the F5 WAF portfolio, coupled with DevSecOps principles, organizations can deploy and maintain industry-leading security without sacrificing the time to value of their applications. Not only can Edge and Shift Left principles exist together, but they can also work in harmony to provide a more effective security solution. \n \n \n Article Series: \n F5 Hybrid Security Architectures (Intro - One WAF Engine, Total Flexibility) F5 Hybrid Security Architectures (Part 1 - F5's Distributed Cloud WAF and BIG-IP Advanced WAF) F5 Hybrid Security Architectures (Part 2 - F5's Distributed Cloud WAF and NGINX App Protect WAF) F5 Hybrid Security Architectures (Part 3 - F5 XC API Protection and NGINX Ingress Controller) F5 Hybrid Security Architectures (Part 4 - F5 XC BOT and DDoS Defense and BIG-IP Advanced WAF) F5 Hybrid Security Architectures (Part 5 - F5 XC, BIG-IP APM, CIS, and NGINX Ingress Controller) \n For further information or to get started: \n \n F5 Distributed Cloud Platform (Link) \n F5 Distributed Cloud WAAP Services (Link) \n F5 Distributed Cloud WAAP YouTube series (Link) \n F5 Distributed Cloud WAAP Get Started (Link) \n \n \n \n \n \n \n \n \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"10347","kudosSumWeight":3,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjU0MTdpN0Q1QzVGNzI0N0REQzYxNA?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDI","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjU0MDRpQjQ4NTI2RDE1MkIzMUJBRg?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDM","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjQ1ODdpODZCOEI1QjY5NzlCM0U4QQ?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjI2MDVpOUE1NEY3M0VCQjk4NjdEQg?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDU","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjU0MDVpQzY0OUJCOEM2RTUzMTZGNw?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDY","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjU0MDZpOEUxQzNERDg3RDY4MzJBNA?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDc","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjU0MTRpRDlEOTAwREYzNjYxRkM0RQ?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDg","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjU0MTVpNkQyMkZDNTJENDYyNUVGQg?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDk","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjQ1ODlpMzIxRUQwODgwOEFENTcwMQ?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDEw","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjI2MTNpQ0JFMDMwRTQ4MTUzOUZDMw?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDEx","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjU0MDhpM0M2NkVDRkRDOUQxRkUwRA?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDEy","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjU0MDlpQ0U1MUU5MENEMjAxNEI0Qg?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDEz","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjI2MTVpNzBENjhBMkZCQkI0NzIxMA?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDE0","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjU0MDdpMkY3QzJFNUEzREUxREEyMw?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDE1","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjU0MTBpRjM4NjA4ODkyNjA3REZFMg?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDE2","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjQ1OTJpODkxMUFGMUZFNzhFQkZBMQ?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDE3","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjQ1OTNpM0Y5ODAxRkI3QTAyNDBERQ?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDE4","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjU0MTJpRDQwNEZDNTg3MkJEOTU2OA?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDE5","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjU0MTNpMzQyM0RFNTUwNTQ5NjQzNg?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDIw","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjU0MTZpOEI4MURDODM3QkYxQ0U1MQ?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDIx","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjAxNjgtMjU0MTFpNjVDQTA3RjFEMTlGRDhCQQ?revision=10\"}"}}],"totalCount":21,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[{"__typename":"VideoEdge","cursor":"MHxodHRwczovL3lvdXR1LmJlL3VxbTF6OGRoTnZFP3NpPW5tSVhscEZCZUpBSWxseTh8MHwyNTsyNXx8","node":{"__typename":"AssociatedVideo","videoTag":{"__typename":"VideoTag","vid":"https://youtu.be/uqm1z8dhNvE?si=nmIXlpFBeJAIlly8","thumbnail":"https://i.ytimg.com/vi/uqm1z8dhNvE/hqdefault.jpg","uploading":false,"height":113,"width":200,"title":null},"videoAssociationType":"INLINE_BODY"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:312342":{"__typename":"Conversation","id":"conversation:312342","topic":{"__typename":"TkbTopicMessage","uid":312342},"lastPostingActivityTime":"2023-09-15T09:22:04.696-07:00","solved":false},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjIyMDBpOTY5NjVCMUQwNjM2QjUwOA?revision=14\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjIyMDBpOTY5NjVCMUQwNjM2QjUwOA?revision=14","title":"CoverPhotos_0011_milad-fakurian-QyzoWdqsKKM-unsplash.jpg","associationType":"COVER","width":1000,"height":1000,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjMxMDBpMDM3MzBFMEY5QkRDNDJDNg?revision=14\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjMxMDBpMDM3MzBFMEY5QkRDNDJDNg?revision=14","title":"Architecture - UC-4-detail.jpeg","associationType":"BODY","width":1617,"height":1043,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjQ4NTVpQkM0MDVDNDA0NjRFRjJGOQ?revision=14\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjQ4NTVpQkM0MDVDNDA0NjRFRjJGOQ?revision=14","title":"Screenshot 2023-07-06 at 3.45.27 PM.png","associationType":"BODY","width":1359,"height":455,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjE2MzhpNjI3MzI3QjlFNTE5NjU1NQ?revision=14\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjE2MzhpNjI3MzI3QjlFNTE5NjU1NQ?revision=14","title":"Screen Shot 2023-01-13 at 6.26.23 AM.png","associationType":"BODY","width":2268,"height":1258,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjE2NzlpMjBFQkZCN0UxQTU5NkRDMg?revision=14\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjE2NzlpMjBFQkZCN0UxQTU5NkRDMg?revision=14","title":"Screen Shot 2023-01-13 at 2.27.11 PM.png","associationType":"BODY","width":3578,"height":114,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjQ4NTZpQUM4OEVBNzg3RjM0ODBGMA?revision=14\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjQ4NTZpQUM4OEVBNzg3RjM0ODBGMA?revision=14","title":"Screenshot 2023-07-06 at 3.48.35 PM.png","associationType":"BODY","width":764,"height":503,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjE3NzVpQ0VBQUYzMzc3MTM0MTZFMw?revision=14\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjE3NzVpQ0VBQUYzMzc3MTM0MTZFMw?revision=14","title":"Screen Shot 2023-01-17 at 8.11.37 AM.png","associationType":"BODY","width":3246,"height":198,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjE3NzJpNTU2RkUwMTQwRjI3Rjc1Mw?revision=14\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjE3NzJpNTU2RkUwMTQwRjI3Rjc1Mw?revision=14","title":"Screen Shot 2023-01-17 at 8.07.35 AM.png","associationType":"BODY","width":3312,"height":242,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjE3NzZpRjc0NEFEMTkwQzNGOEMxNQ?revision=14\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjE3NzZpRjc0NEFEMTkwQzNGOEMxNQ?revision=14","title":"Screen Shot 2023-01-17 at 8.12.17 AM.png","associationType":"BODY","width":3244,"height":194,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjE2NTNpMDJCOUNDOTBENTI1REY3NA?revision=14\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjE2NTNpMDJCOUNDOTBENTI1REY3NA?revision=14","title":"Screen Shot 2023-01-13 at 11.57.41 AM.png","associationType":"BODY","width":1716,"height":100,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjQ4NTdpRTA5RTNCRTFFNkFCNDk0Ng?revision=14\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjQ4NTdpRTA5RTNCRTFFNkFCNDk0Ng?revision=14","title":"Screenshot 2023-07-06 at 4.01.27 PM.png","associationType":"BODY","width":1468,"height":80,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjE3OTZpOUFBOTQ1RjdEODU0N0FGRg?revision=14\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjE3OTZpOUFBOTQ1RjdEODU0N0FGRg?revision=14","title":"Screen Shot 2023-01-17 at 1.43.38 PM.png","associationType":"BODY","width":1302,"height":358,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjMxMDJpM0JBRERGNEY4RTdCNTI2Ng?revision=14\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjMxMDJpM0JBRERGNEY4RTdCNTI2Ng?revision=14","title":"Screenshot 2023-03-26 at 7.23.47 AM.png","associationType":"BODY","width":2122,"height":118,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjE4NzVpMTc4MjNFRTFFRTgzQzU0OQ?revision=14\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjE4NzVpMTc4MjNFRTFFRTgzQzU0OQ?revision=14","title":"Screen Shot 2023-01-18 at 8.48.15 AM.png","associationType":"BODY","width":1176,"height":260,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjE3NzdpMkJCMkNCMzdBNkYyNEQ5Qg?revision=14\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjE3NzdpMkJCMkNCMzdBNkYyNEQ5Qg?revision=14","title":"Screen Shot 2023-01-17 at 8.11.58 AM.png","associationType":"BODY","width":3242,"height":192,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjE3NzhpM0ZGQkM3RjFDQjQ3MDYxRA?revision=14\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjE3NzhpM0ZGQkM3RjFDQjQ3MDYxRA?revision=14","title":"Screen Shot 2023-01-17 at 8.14.14 AM.png","associationType":"BODY","width":3236,"height":188,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjMxMDRpMkZFNjJEODM2MkU3MjE0OA?revision=14\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjMxMDRpMkZFNjJEODM2MkU3MjE0OA?revision=14","title":"Screenshot 2023-03-26 at 7.29.17 AM.png","associationType":"BODY","width":1996,"height":120,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjMxMDNpRjc1Mjk3RjkzMzgyQjNDOQ?revision=14\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjMxMDNpRjc1Mjk3RjkzMzgyQjNDOQ?revision=14","title":"Screenshot 2023-03-26 at 7.28.35 AM.png","associationType":"BODY","width":2118,"height":96,"altText":null},"TkbTopicMessage:message:312342":{"__typename":"TkbTopicMessage","subject":"F5 Hybrid Security Architectures (Part 4 - F5 XC BOT and DDoS Defense and BIG-IP Advanced WAF)","conversation":{"__ref":"Conversation:conversation:312342"},"id":"message:312342","revisionNum":14,"uid":312342,"depth":0,"board":{"__ref":"Tkb:board:TechnicalArticles"},"author":{"__ref":"User:user:217018"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" Here in our fourth example solution, we will be using Terraform to deploy an application server running the OWASP Juice Shop application serviced by a F5 BIG-IP Advanced WAF Virtual Edition. We will supplement this with F5 Distributed Cloud Web App and API Protection to provide BOT and DDoS Defense at the Edge. Everything will be tied together using GitHub Actions for CI/CD and Terraform Cloud to maintain state. ","introduction":"","metrics":{"__typename":"MessageMetrics","views":5205},"postTime":"2023-04-04T05:00:00.031-07:00","lastPublishTime":"2023-09-15T09:22:04.696-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" \n Introduction \n For those of you following along with the F5 Hybrid Security Architectures series, welcome back! If this is your first foray into the series and would like some background, have a look at the intro article. This series is using the F5 Hybrid Security Architectures GitHub repo and CI/CD platform to deploy F5 based hybrid security solutions based on DevSecOps principles. This repo is a community supported effort to provide not only a demo and workshop, but also a stepping stone for utilizing these practices in your own F5 deployments. If you find any bugs or have any enhancement requests, open an issue, or better yet contribute! \n Here in our fourth example solution, we will be using Terraform to deploy an application server running the OWASP Juice Shop application serviced by a F5 BIG-IP Advanced WAF Virtual Edition. We will supplement this with F5 Distributed Cloud Web App and API Protection to provide BOT and DDoS Defense at the Edge. Everything will be tied together using GitHub Actions for CI/CD and Terraform Cloud to maintain state. \n Distributed Cloud WAAP: Available for SaaS-based deployments in a distributed environment that reduces operational overhead with an optional fully managed service. \n BIG-IP Advanced WAF: Available for on-premises / data center and public or private cloud (virtual edition) deployment, for robust, high-performance web application and API security with granular, self-managed controls. \n Bot Defense \n The F5 Distributed Cloud Bot Defense is an advanced security add-on included with the F5 Web Application and API Protection (WAAP) service, providing seamless integration for real-time safeguarding of your web applications and APIs against a diverse range of attacks. This feature enables enterprises to benefit from advanced bot defense and sophisticated security monitoring to eliminate malicious traffic targeting user accounts, content scraping, and ad fraud. \n DDoS Detection \n F5 Distributed Cloud WAAP safeguards applications from volumetric L3-L7 DDoS attacks at the network edge, allowing the app to remain globally accessible while avoiding disruption to genuine customers. Additionally, the Distributed Cloud WAAP furnishes insights into both past and ongoing attacks that have been mitigated, empowering proactive measures to thwart malicious individuals. \n \n XC WAF + BIG-IP Advanced WAF Workflow \n GitHub Repo: \n F5 Hybrid Security Architectures \n Prerequisites: \n \n F5 Distributed Cloud Account (F5 XC) \n Create an F5 XC API certificate \n AWS Account - Due to the assets being created, free tier will not work. NOTE: You must be subscribed to the F5 BIG-IP AMI being used in the AWS Marketplace. \n Terraform Cloud Account \n GitHub Account \n \n Assets: \n \n xc: F5 Distributed Cloud WAAP \n bigip-base: F5 BIG-IP Base deployment \n bigip-awaf: F5 BIG-IP Advanced WAF \n infra: AWS Infrastructure (VPC, IGW, etc.) \n juiceshop: OWASP Juice Shop test web application \n \n Tools: \n \n Cloud Provider: AWS \n Infrastructure as Code: Terraform \n Infrastructure as Code State: Terraform Cloud \n CI/CD: GitHub Actions \n \n Terraform Cloud: \n Workspaces: Create a workspace for each asset in the workflow chosen \n \n \n \n Workflow \n Workspaces \n \n \n xcbot-bigip \n infra, bigip-base, bigip-awaf, juiceshop, xc \n \n \n \n Workspace Sharing: Under the settings for each Workspace, set the Remote state sharing to share with each Workspace created. \n Your Terraform Cloud console should resemble the following: \n \n Variable Set: Create a Variable Set with the following values. IMPORTANT: Ensure sensitive values are appropriately marked. \n \n AWS_ACCESS_KEY_ID: Your AWS Access Key ID - Environment Variable \n AWS_SECRET_ACCESS_KEY: Your AWS Secret Access Key - Environment Variable \n AWS_SESSION_TOKEN: Your AWS Session Token - Environment Variable \n VOLT_API_P12_FILE: Your F5 XC API certificate. Set this to api.p12 - Environment Variable \n VES_P12_PASSWORD: Set this to the password you supplied when creating your F5 XC API key. - Environment Variable \n ssh_key: Your ssh key for access to created BIG-IP and compute assets. - Terrraform Variable \n admin_src_addr: The source address of your administrative workstation. - Terraform Variable Environment Variable \n tf_cloud_organization: Your Terraform Cloud Organization name - Terraform Variable \n \n Your Variable Set should resemble the following: \n \n GitHub: \n Fork and Clone Repo: F5 Hybrid Security Architectures \n Actions Secrets: Create the following GitHub Actions secrets in your forked repo \n \n P12: The base64 encoded F5 XC API certificate \n TF_API_TOKEN: Your Terraform Cloud API token \n TF_CLOUD_ORGANIZATION: Your Terraform Cloud Organization \n TF_CLOUD_WORKSPACE_workspace: Create for each workspace used in your workflow. EX: TF_CLOUD_WORKSPACE_BIGIP_BASE would be created with the value bigip-base \n \n Your GitHub Actions Secrets should resemble the following: \n \n Deployment Workflow: \n \n Step 1: Check out a branch for the deploy workflow using the following naming convention \n \n xc-bigip deployment branch: deploy-xc-bigip \n \n \n Step 2: Rename infra/terraform.tfvars.examples to infra/terraform.tfvars and add the following data \n project_prefix = \"Your project identifier\"\nresource_owner = \"You\"\naws_region = \"Your AWS region\" ex: us-west-1\nazs = \"Your AWS availability zones\" ex: [\"us-west-1a\", \"us-west-1b\"] \n\n#Assets\nnic = false\nnap = false\nbigip = true\nbigip-cis = false \n \n Step 3: Rename bigip-base/terraform.tfvars.examples to bigip-base/terraform.tfvars and add the following data \n f5_ami_search_name = \"F5 BIGIP-16.1.3* PAYG-Adv WAF Plus 25Mbps*\"\naws_secretmanager_auth = false\n\n#Provisioning set to nominal or none\nasm = \"nominal\"\napm = \"none\" \n Step 4: Rename bigip-awaf/terraform.tfvars.examples to bigip-awaf/terraform.tfvars and add the following data \n awaf_config_payload = \"awaf-config.json\" \n Step 5: Rename xc/terraform.tfvars.examples to xc/terraform.tfvars, add the XC tenant data, and set the WAF, Bot, and DDoS feature flags to `true`. \n #XC Tenant and Namespace\napi_url = \"https://<YOUR TENANT>.console.ves.volterra.io/api\"\nxc_tenant = \"Your tenant id available in F5 XC Administration section Tenant Overview\"\nxc_namespace = \"Your XC Namespace\"\napp_domain = \"Your APP FQDN\"\n\n#XC WAF\nxc_waf_blocking = true\n\n#XC Bot Defense\nxc_bot_def = true\n\n#XC DDoS\nxc_ddos_pro = true \n \n Step 5: Git Add and Commit your changes \n \n \n \n \n \n Step 6: Push your deploy branch to the forked repo \n \n Step 7: Back in GitHub, navigate to the Actions tab of your forked repo and monitor your build \n \n \n Step 8: Once the pipeline completes, verify your assets were deployed to AWS and F5 XC Note: Check the terraform outputs of the bigip-base job for the randomly generated password for BIG-IP GUI access \n F5 BIG-IP Terraform Outputs: \n \n Step 9: Verify your app is available by navigating to the app domain FQDN you provided in the setup. Note: The autocert process takes time. It may be 5 to 10 minutes before Let's Encrypt has provided the cert \n \n F5 XC Terraform Outputs: \n \n Destroy Workflow: \n Step 1: From your deploy branch, check out a new branch for the destroy workflow using the following naming convention \n \n xc-bigip destroy branch: destroy-xc-bigip \n \n \n Step 2: Push your destroy branch to the forked repo \n \n Step 3: Back in GitHub, navigate to the Actions tab of your forked repo and monitor your workflow \n \n \n Step 4: Once the pipeline completes, verify your assets were destroyed in AWS and F5 XC \n \n Conclusion \n In this article we have shown how to utilize the F5 Hybrid Security Architectures GitHub repo and CI/CD pipeline to deploy a tiered security architecture utilizing F5 XC WAF and BIG-IP Advanced WAF to protect a test web application. We applied advanced BOT and DDoS protection at the Edge and traditional Application Security next to our application. While the code and security policies deployed are generic and not inclusive of all use-cases, they can be used as a steppingstone for deploying F5 based hybrid architectures in your own environments. \n As workloads are increasingly being deployed in various environments and application architectures, it has become vital for organizations to safeguard their critical applications, regardless of their deployment or architecture. It is equally essential to deploy these protections swiftly and flexibly, just like the applications they are protecting. By utilizing the F5 WAF portfolio in conjunction with DevSecOps principles, organizations can deploy and maintain industry-leading security without affecting the time-to-value of their applications. Edge and Shift Left principles can coexist to offer a more efficient security solution. \n \n Article Series: \n F5 Hybrid Security Architectures (Intro - One WAF Engine, Total Flexibility) F5 Hybrid Security Architectures (Part 1 - F5's Distributed Cloud WAF and BIG-IP Advanced WAF) F5 Hybrid Security Architectures (Part 2 - F5's Distributed Cloud WAF and NGINX App Protect WAF) F5 Hybrid Security Architectures (Part 3 - F5 XC API Protection and NGINX Ingress Controller) F5 Hybrid Security Architectures (Part 4 - F5 XC BOT and DDoS Defense and BIG-IP Advanced WAF) F5 Hybrid Security Architectures (Part 5 - F5 XC, BIG-IP APM, CIS, and NGINX Ingress Controller) \n For further information or to get started: \n \n F5 Distributed Cloud Platform (Link) \n F5 Distributed Cloud WAAP Services (Link) \n F5 Distributed Cloud WAAP YouTube series (Link) \n F5 Distributed Cloud WAAP Get Started (Link) \n \n \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"9840","kudosSumWeight":3,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjIyMDBpOTY5NjVCMUQwNjM2QjUwOA?revision=14\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDI","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjMxMDBpMDM3MzBFMEY5QkRDNDJDNg?revision=14\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDM","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjQ4NTVpQkM0MDVDNDA0NjRFRjJGOQ?revision=14\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjE2MzhpNjI3MzI3QjlFNTE5NjU1NQ?revision=14\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDU","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjE2NzlpMjBFQkZCN0UxQTU5NkRDMg?revision=14\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDY","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjQ4NTZpQUM4OEVBNzg3RjM0ODBGMA?revision=14\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDc","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjE3NzVpQ0VBQUYzMzc3MTM0MTZFMw?revision=14\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDg","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjE3NzJpNTU2RkUwMTQwRjI3Rjc1Mw?revision=14\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDk","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjE3NzZpRjc0NEFEMTkwQzNGOEMxNQ?revision=14\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDEw","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjE2NTNpMDJCOUNDOTBENTI1REY3NA?revision=14\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDEx","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjQ4NTdpRTA5RTNCRTFFNkFCNDk0Ng?revision=14\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDEy","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjE3OTZpOUFBOTQ1RjdEODU0N0FGRg?revision=14\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDEz","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjMxMDJpM0JBRERGNEY4RTdCNTI2Ng?revision=14\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDE0","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjE4NzVpMTc4MjNFRTFFRTgzQzU0OQ?revision=14\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDE1","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjE3NzdpMkJCMkNCMzdBNkYyNEQ5Qg?revision=14\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDE2","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjE3NzhpM0ZGQkM3RjFDQjQ3MDYxRA?revision=14\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDE3","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjMxMDRpMkZFNjJEODM2MkU3MjE0OA?revision=14\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDE4","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTIzNDItMjMxMDNpRjc1Mjk3RjkzMzgyQjNDOQ?revision=14\"}"}}],"totalCount":18,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[{"__typename":"VideoEdge","cursor":"MHxodHRwczovL3lvdXR1LmJlL2RtVTVlbkhsMTdrfDB8MjU7MjV8fA","node":{"__typename":"AssociatedVideo","videoTag":{"__typename":"VideoTag","vid":"https://youtu.be/dmU5enHl17k","thumbnail":"https://i.ytimg.com/vi/dmU5enHl17k/hqdefault.jpg","uploading":false,"height":113,"width":200,"title":null},"videoAssociationType":"INLINE_BODY"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:298016":{"__typename":"Conversation","id":"conversation:298016","topic":{"__typename":"TkbTopicMessage","uid":298016},"lastPostingActivityTime":"2022-11-15T13:21:16.371-08:00","solved":false},"User:user:305638":{"__typename":"User","uid":305638,"login":"Valentin_Tobi","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS0zMDU2MzgtMjE5NThpMzEwNzRGNTRCM0ZCREU4Rg"},"id":"user:305638"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTgwMTYtMjA0MTJpQ0JCN0FGQjI5MzBFN0VDOQ?revision=12\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTgwMTYtMjA0MTJpQ0JCN0FGQjI5MzBFN0VDOQ?revision=12","title":"f5xclogo.png","associationType":"BODY","width":100,"height":103,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTgwMTYtMTgzNjJpNEQ5RjRFOTcxQzcxODEzRA?revision=12\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTgwMTYtMTgzNjJpNEQ5RjRFOTcxQzcxODEzRA?revision=12","title":"image.png","associationType":"BODY","width":904,"height":502,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTgwMTYtMTgzNjNpRUVEOEM3ODY2QThGMzA3RQ?revision=12\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTgwMTYtMTgzNjNpRUVEOEM3ODY2QThGMzA3RQ?revision=12","title":"image.png","associationType":"BODY","width":904,"height":670,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTgwMTYtMTkyMDNpOTVGMEMyNDdBNjA2QTk1MQ?revision=12\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTgwMTYtMTkyMDNpOTVGMEMyNDdBNjA2QTk1MQ?revision=12","title":"Valentin_Tobi_0-1661276406086.png","associationType":"BODY","width":2302,"height":1012,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTgwMTYtMTgzNzBpOEQ3M0QxMzk4Mjc4ODUwQg?revision=12\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTgwMTYtMTgzNzBpOEQ3M0QxMzk4Mjc4ODUwQg?revision=12","title":"image.png","associationType":"BODY","width":1640,"height":1030,"altText":null},"TkbTopicMessage:message:298016":{"__typename":"TkbTopicMessage","subject":"F5 Distributed Cloud Web App and API Protection hybrid architecture for DevSecOps","conversation":{"__ref":"Conversation:conversation:298016"},"id":"message:298016","revisionNum":12,"uid":298016,"depth":0,"board":{"__ref":"Tkb:board:TechnicalArticles"},"author":{"__ref":"User:user:305638"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" This article is aimed at exploring an architecture combining the strengths of two ways of packaging and deploying the F5 WAF engine: the NGINX App Protect and the Distributed Cloud WAAP. ","introduction":"","metrics":{"__typename":"MessageMetrics","views":5004},"postTime":"2022-08-24T05:00:00.039-07:00","lastPublishTime":"2022-11-15T13:21:16.371-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" \n Introduction \n Modern applications are known for a few distinct attributes such as design modularity, agile build processes and distributed deployments, all of which contribute to their faster time-to-market, ease of maintenance and higher adaptability. \n However, with these attributes come some challenges in managing modern applications such as the inconsistencies between various organizational groups or environments, leading to inconsistent security controls protecting these applications. Often, the choice is between centrally managed but \"generic\" security policies and application-specific but disparate security controls. \n \n \"Nature is a mutable cloud, which is always and never the same.\" - Ralph Waldo Emerson \n We might not wax that philosophically around here, but our heads are in the cloud nonetheless! Join the F5 Distributed Cloud user group today and learn more with your peers and other F5 experts. \n \n In this article we will present one possible way DevSecOps can meet these challenges, using an example of deploying the F5 WAF engine in the package that is most appropriate for the intended purpose and environment while still maintaining a unified control over the deployment process. \n F5 has chosen the WAF engine of its BIG-IP-based Advanced WAF to form the core of the other security products like F5 NGINX App Protect WAF and F5 Distributed Cloud Web App and API Protection (Distributed Cloud WAAP). \n \n Each of these products come with their own strengths and are best suited for specific environments or use cases, complementing each other, so it's easy to see how combining them into tiered architectures yield robust protections that are more than just the sum of their parts. \n \n In this example, we will explore such an architecture, intended to protect a modern modular application deployed in AWS EKS and integrated in a GitLab CI/CD pipeline. \n The demo application used is Arcadia Finance, having both Web and API components packaged as Kubernetes (K8s) containers. \n Design \n \n One objective aimed with this design is to provide separate custom controls for the Web and API endpoints, acknowledging the difference in vulnerabilities and therefore security policies between these types of endpoints as illustrated by, for example, OWASP Top 10 Web App Vulnerabilities vs. OWASP Top 10 API Security. \n We will use two separate instances of NGINX App Protect WAF, one implementing the Web app component security policy and the other securing the API component. \n To simulate the difference in security policies, we will enforce a strict positive security model for the API security policy by automatically importing Arcadia's OpenAPI specification into the NGINX App Protect WAF instance through the CI/CD pipeline. \n Another objective is to reduce the \"generic\" malicious traffic that is reaching these two NGINX App Protect WAF instances in the first place, by blocking this traffic as soon as possible. We will use Distributed Cloud WAAP SaaS to ensure this broad level of protection at the edge. The client connections will first go through the F5 Distributed Cloud Loadbalancer, having a security policy attached to it that is blocking the threats common to all applications exposed to the Internet, in our particular case the Web and API endpoints of Arcadia Finance but this can scale up to a large number of internal apps. \n Once the traffic has been filtered for common, \"generic\" threats, it will be sent to the AWS EKS where NGINX App Protect WAF instances will apply specific security policies for each application or component (in our case) being protected. \n A final objective of this setup is to have the security policies of NGINX App Protect WAF instances and Distributed Cloud WAAP exposed and controlled through the CI/CD pipeline such that, if changes to the security profiles are needed to mirror application development, these changes can be done in the same GitLab repo and applied through the same CI/CD pipeline that deploys the application components. This supports the Shift Left principle in securing modern apps. \n Deployment details \n For this demo I will be using Terraform to first deploy the underlying infrastructure on AWS and F5 Distributed Cloud and then to deploy Arcadia components to AWS EKS and configure the corresponding NGINX App Protect WAF, the F5 Distributed Cloud load balancer and Distributed Cloud WAAP policy. \n In the interest of reusability, I decided to separate the Terraform module responsible for setting up the infrastructure from the rest of the demo code, you can find the repository here. \n \n The infrastructure Terraform module (implementing the Secure Kubernetes Gateway pattern) will create a new VPC in AWS, the EKS cluster and the F5 Distributed Cloud site node that will be the link to F5 Distributed Cloud. As there is nothing application-specific to this part of the infrastructure, the Terraform module can be reused as a foundation for other deployments. \n The application-specific Terraform code used in this demo can be found here, as an example. It will first call the Secure K8s Gateway Terraform module mentioned above to setup the infrastructure and then it will deploy Arcadia's K8s containers in AWS EKS along with the NGINX App Protect WAF instances and then will configure the load balancer and Distributed Cloud WAAP security policy in F5's Distributed Cloud, exposing the application to the Internet. \n At this point, in a real-life scenario, multiple other apps could be deployed reusing the same underlying infrastructure. \n The GitLab CI/CD pipeline ensures automatic deployment of both the app code and security profiles, keeping them in sync as the application gets developed. \n variables:\n GIT_CLEAN_FLAGS: none\n\nstages:\n - Deploy_Infrastructure\n - Deploy_Arcadia_Finance\n - Destroy_Arcadia_Finance\n - Destroy_Infrastructure \n\ndeploy_infrastructure:\n stage: Deploy_Infrastructure\n before_script:\n - cd ${CI_PROJECT_DIR}/ \n script: \n - terraform init\n - terraform --version\n - terraform get -update\n - rm -rf .terraform/terraform.tfstate\n - rm -f status\n - terraform plan -out=plan.out\n - terraform apply -auto-approve plan.out\n tags:\n - shell\n only:\n variables:\n - $MODE == \"deploy\"\n\ndeploy_arcadia_finance:\n stage: Deploy_Arcadia_Finance\n before_script:\n - cd ${CI_PROJECT_DIR}/terraform_app \n script: \n - terraform init\n - terraform --version\n - terraform get -update\n - rm -rf .terraform/terraform.tfstate\n - rm -f status\n - terraform plan -out=plan.out\n - terraform apply -auto-approve plan.out\n tags:\n - shell\n only:\n variables:\n - $MODE == \"deploy\"\n\ndestroy_arcadia_finance:\n stage: Destroy_Arcadia_Finance\n before_script:\n - cd ${CI_PROJECT_DIR}/terraform_app \n script: \n - terraform refresh \n - terraform plan -destroy\n - terraform destroy -auto-approve\n tags:\n - shell\n only:\n variables:\n - $MODE == \"destroy\"\n\ndestroy_infrastructure:\n stage: Destroy_Infrastructure\n before_script:\n - cd ${CI_PROJECT_DIR}/ \n script: \n - terraform refresh \n - terraform plan -destroy\n - terraform destroy -auto-approve\n tags:\n - shell\n only:\n variables:\n - $MODE == \"destroy\"\n\n \n You may notice the security policies for NGINX App Protect WAF are exposed in the repository with the API Security one featuring the call to load the most recent OpenAPI spec for this application. \n {\n \"policy\": {\n \"name\": \"policy_name\",\n \"template\": { \"name\": \"POLICY_TEMPLATE_NGINX_BASE\" },\n \"applicationLanguage\": \"utf-8\",\n \"enforcementMode\": \"blocking\",\n \"signature-sets\": [\n {\n \"name\": \"High Accuracy Signatures\",\n \"block\": true,\n \"alarm\": true\n }\n ],\n \"bot-defense\": {\n \"settings\": {\n \"isEnabled\": true\n },\n \"mitigations\": {\n \"classes\": [\n {\n \"name\": \"trusted-bot\",\n \"action\": \"alarm\"\n },\n {\n \"name\": \"untrusted-bot\",\n \"action\": \"alarm\"\n },\n {\n \"name\": \"malicious-bot\",\n \"action\": \"alarm\"\n }\n ]\n }\n },\n \"open-api-files\": [\n {\n \"link\": \"https://raw.githubusercontent.com/vtobi/arcadia-finance/main/OpenAPI/open-api-spec.json\"\n }\n ],\n... \n You may also notice the security policy for Distributed Cloud WAAP, also exposed in this repository. \n resource \"volterra_app_firewall\" \"waap-tf\" {\n name = format(\"%s-waf\", local.name)\n description = format(\"WAF in block mode for %s\", local.name)\n namespace = local.namespace\n\n // One of the arguments from this list \"allow_all_response_codes allowed_response_codes\" must be set\n allow_all_response_codes = true\n // One of the arguments from this list \"default_anonymization custom_anonymization disable_anonymization\" must be set\n default_anonymization = true\n // One of the arguments from this list \"use_default_blocking_page blocking_page\" must be set\n use_default_blocking_page = true\n // One of the arguments from this list \"default_bot_setting bot_protection_setting\" must be set\n default_bot_setting = true\n // One of the arguments from this list \"default_detection_settings detection_settings\" must be set\n default_detection_settings = true\n // One of the arguments from this list \"use_loadbalancer_setting blocking monitoring\" must be set\n use_loadbalancer_setting = true\n // Blocking mode - optional - if not set, policy is in MONITORING\n blocking = true\n\n}\n \n For more information on available configuration options, you can check the Terraform resource documentation and the API guide. This ensures all changes to either the F5 Distributed Cloud WAAP or NGINX App Protect WAF security policies can be controlled at the CI/CD pipeline level. \n Conclusion \n This article was aimed at exploring an architecture combining the strengths of two ways of packaging and deploying the F5 WAF engine: using NGINX App Protect WAF and the F5 Distributed Cloud WAAP. \n We saw a way to automate this deployment using a simple GitLab CI/CD pipeline and Terraform code structured in a modular way, allowing the infrastructure Terraform module to be reused for other projects. \n Lastly, we briefly showed how the security policies could be modified and redeployed using the same CI/CD pipeline, keeping the security profiles in sync with the application as it is being developed. \n For further information or to get started: \n \n F5 Distributed Cloud Platform (Link) \n F5 Distributed Cloud WAAP Services (Link) \n F5 Distributed Cloud WAAP YouTube series (Link) \n F5 Distributed Cloud WAAP Get Started (Link) \n Terraform module for deploying the infrastructure (Link) \n Application-specific Terraform module (example) (Link) \n YouTube demo recording (Link) \n \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"11336","kudosSumWeight":7,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTgwMTYtMjA0MTJpQ0JCN0FGQjI5MzBFN0VDOQ?revision=12\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDI","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTgwMTYtMTgzNjJpNEQ5RjRFOTcxQzcxODEzRA?revision=12\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDM","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTgwMTYtMTgzNjNpRUVEOEM3ODY2QThGMzA3RQ?revision=12\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTgwMTYtMTkyMDNpOTVGMEMyNDdBNjA2QTk1MQ?revision=12\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDU","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTgwMTYtMTgzNzBpOEQ3M0QxMzk4Mjc4ODUwQg?revision=12\"}"}}],"totalCount":5,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"CachedAsset:text:en_US-components/community/Navbar-1743097583694":{"__typename":"CachedAsset","id":"text:en_US-components/community/Navbar-1743097583694","value":{"community":"Community Home","inbox":"Inbox","manageContent":"Manage Content","tos":"Terms of Service","forgotPassword":"Forgot Password","themeEditor":"Theme Editor","edit":"Edit Navigation Bar","skipContent":"Skip to content","migrated-link-9":"Groups","migrated-link-7":"Technical Articles","migrated-link-8":"DevCentral News","migrated-link-1":"Technical Forum","migrated-link-10":"Community Groups","migrated-link-2":"Water Cooler","migrated-link-11":"F5 Groups","Common-external-link":"How Do I...?","migrated-link-0":"Forums","article-series":"Article Series","migrated-link-5":"Community Articles","migrated-link-6":"Articles","security-insights":"Security Insights","migrated-link-3":"CrowdSRC","migrated-link-4":"CodeShare","migrated-link-12":"Events","migrated-link-13":"Suggestions"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarHamburgerDropdown-1743097583694":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarHamburgerDropdown-1743097583694","value":{"hamburgerLabel":"Side Menu"},"localOverride":false},"CachedAsset:text:en_US-components/community/BrandLogo-1743097583694":{"__typename":"CachedAsset","id":"text:en_US-components/community/BrandLogo-1743097583694","value":{"logoAlt":"Khoros","themeLogoAlt":"Brand Logo"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarTextLinks-1743097583694":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarTextLinks-1743097583694","value":{"more":"More"},"localOverride":false},"CachedAsset:text:en_US-components/authentication/AuthenticationLink-1743097583694":{"__typename":"CachedAsset","id":"text:en_US-components/authentication/AuthenticationLink-1743097583694","value":{"title.login":"Sign In","title.registration":"Register","title.forgotPassword":"Forgot Password","title.multiAuthLogin":"Sign In"},"localOverride":false},"CachedAsset:text:en_US-components/nodes/NodeLink-1743097583694":{"__typename":"CachedAsset","id":"text:en_US-components/nodes/NodeLink-1743097583694","value":{"place":"Place {name}"},"localOverride":false},"CachedAsset:text:en_US-components/tags/TagSubscriptionAction-1743097583694":{"__typename":"CachedAsset","id":"text:en_US-components/tags/TagSubscriptionAction-1743097583694","value":{"success.follow.title":"Following Tag","success.unfollow.title":"Unfollowed Tag","success.follow.message.followAcrossCommunity":"You will be notified when this tag is used anywhere across the community","success.unfollowtag.message":"You will no longer be notified when this tag is used anywhere in this place","success.unfollowtagAcrossCommunity.message":"You will no longer be notified when this tag is used anywhere across the community","unexpected.error.title":"Error - Action Failed","unexpected.error.message":"An unidentified problem occurred during the action you took. Please try again later.","buttonTitle":"{isSubscribed, select, true {Unfollow} false {Follow} other{}}","unfollow":"Unfollow"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageListTabs-1743097583694":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageListTabs-1743097583694","value":{"mostKudoed":"{value, select, IDEA {Most Votes} other {Most Likes}}","mostReplies":"Most Replies","mostViewed":"Most Viewed","newest":"{value, select, IDEA {Newest Ideas} OCCASION {Newest Events} other {Newest Topics}}","newestOccasions":"Newest Events","mostRecent":"Most Recent","noReplies":"No Replies Yet","noSolutions":"No Solutions Yet","solutions":"Solutions","mostRecentUserContent":"Most Recent","trending":"Trending","draft":"Drafts","spam":"Spam","abuse":"Abuse","moderation":"Moderation","tags":"Tags","PAST":"Past","UPCOMING":"Upcoming","sortBymostRecent":"Sort By Most Recent","sortBymostRecentUserContent":"Sort By Most Recent","sortBymostKudoed":"Sort By Most Likes","sortBymostReplies":"Sort By Most Replies","sortBymostViewed":"Sort By Most Viewed","sortBynewest":"Sort By Newest Topics","sortBynewestOccasions":"Sort By Newest Events","otherTabs":" Messages list in the {tab} for {conversationStyle}","guides":"Guides","archives":"Archives"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/QueryHandler-1743097583694":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/QueryHandler-1743097583694","value":{"title":"Query Handler"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarDropdownToggle-1743097583694":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarDropdownToggle-1743097583694","value":{"ariaLabelClosed":"Press the down arrow to open the menu"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/OverflowNav-1743097583694":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/OverflowNav-1743097583694","value":{"toggleText":"More"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageView/MessageViewInline-1743097583694":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageView/MessageViewInline-1743097583694","value":{"bylineAuthor":"{bylineAuthor}","bylineBoard":"{bylineBoard}","anonymous":"Anonymous","place":"Place {bylineBoard}","gotoParent":"Go to parent {name}"},"localOverride":false},"CachedAsset:text:en_US-components/customComponent/CustomComponent-1743097583694":{"__typename":"CachedAsset","id":"text:en_US-components/customComponent/CustomComponent-1743097583694","value":{"errorMessage":"Error rendering component id: {customComponentId}","bannerTitle":"Video provider requires cookies to play the video. Accept to continue or {url} it directly on the provider's site.","buttonTitle":"Accept","urlText":"watch"},"localOverride":false},"CachedAsset:text:en_US-components/users/UserLink-1743097583694":{"__typename":"CachedAsset","id":"text:en_US-components/users/UserLink-1743097583694","value":{"authorName":"View Profile: {author}","anonymous":"Anonymous"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageSubject-1743097583694":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageSubject-1743097583694","value":{"noSubject":"(no subject)"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageBody-1743097583694":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageBody-1743097583694","value":{"showMessageBody":"Show More","mentionsErrorTitle":"{mentionsType, select, board {Board} user {User} message {Message} other {}} No Longer Available","mentionsErrorMessage":"The {mentionsType} you are trying to view has been removed from the community.","videoProcessing":"Video is being processed. Please try again in a few minutes.","bannerTitle":"Video provider requires cookies to play the video. Accept to continue or {url} it directly on the provider's site.","buttonTitle":"Accept","urlText":"watch"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageTime-1743097583694":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageTime-1743097583694","value":{"postTime":"Published: {time}","lastPublishTime":"Last Update: {time}","conversation.lastPostingActivityTime":"Last posting activity time: {time}","conversation.lastPostTime":"Last post time: {time}","moderationData.rejectTime":"Rejected time: {time}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/nodes/NodeIcon-1743097583694":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/nodes/NodeIcon-1743097583694","value":{"contentType":"Content Type {style, select, FORUM {Forum} BLOG {Blog} TKB {Knowledge Base} IDEA {Ideas} OCCASION {Events} other {}} icon"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageUnreadCount-1743097583694":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageUnreadCount-1743097583694","value":{"unread":"{count} unread","comments":"{count, plural, one { unread comment} other{ unread comments}}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageViewCount-1743097583694":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageViewCount-1743097583694","value":{"textTitle":"{count, plural,one {View} other{Views}}","views":"{count, plural, one{View} other{Views}}"},"localOverride":false},"CachedAsset:text:en_US-components/kudos/KudosCount-1743097583694":{"__typename":"CachedAsset","id":"text:en_US-components/kudos/KudosCount-1743097583694","value":{"textTitle":"{count, plural,one {{messageType, select, IDEA{Vote} other{Like}}} other{{messageType, select, IDEA{Votes} other{Likes}}}}","likes":"{count, plural, one{like} other{likes}}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageRepliesCount-1743097583694":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageRepliesCount-1743097583694","value":{"textTitle":"{count, plural,one {{conversationStyle, select, IDEA{Comment} OCCASION{Comment} other{Reply}}} other{{conversationStyle, select, IDEA{Comments} OCCASION{Comments} other{Replies}}}}","comments":"{count, plural, one{Comment} other{Comments}}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/users/UserAvatar-1743097583694":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/users/UserAvatar-1743097583694","value":{"altText":"{login}'s avatar","altTextGeneric":"User's avatar"},"localOverride":false}}}},"page":"/tags/TagPage/TagPage","query":{"nodeId":"board:TechnicalArticles","tagName":"series-f5-hybrid-architectures"},"buildId":"q_bLpq2mflH0BeZigxpj6","runtimeConfig":{"buildInformationVisible":false,"logLevelApp":"info","logLevelMetrics":"info","openTelemetryClientEnabled":false,"openTelemetryConfigName":"f5","openTelemetryServiceVersion":"25.2.0","openTelemetryUniverse":"prod","openTelemetryCollector":"http://localhost:4318","openTelemetryRouteChangeAllowedTime":"5000","apolloDevToolsEnabled":false,"inboxMuteWipFeatureEnabled":false},"isFallback":false,"isExperimentalCompile":false,"dynamicIds":["./components/customComponent/CustomComponent/CustomComponent.tsx","./components/community/Navbar/NavbarWidget.tsx","./components/community/Breadcrumb/BreadcrumbWidget.tsx","./components/tags/TagsHeaderWidget/TagsHeaderWidget.tsx","./components/messages/MessageListForNodeByRecentActivityWidget/MessageListForNodeByRecentActivityWidget.tsx","./components/tags/TagSubscriptionAction/TagSubscriptionAction.tsx","./components/customComponent/CustomComponentContent/TemplateContent.tsx","../shared/client/components/common/List/ListGroup/ListGroup.tsx","./components/messages/MessageView/MessageView.tsx","./components/messages/MessageView/MessageViewInline/MessageViewInline.tsx","./components/customComponent/CustomComponentContent/HtmlContent.tsx","./components/customComponent/CustomComponentContent/CustomComponentScripts.tsx"],"appGip":true,"scriptLoader":[]}