The use case

In this use case, a modern application (or piece of the app) is running in a private/public (not exposed) cloud or on-premises location. In few words, the application or some pieces of the application are not exposed on Internet and NetOps + SecOps are looking for a simple solution to expose and protect this application.

With F5 Distributed Cloud Web App and API Protection (XC WAAP), we will protect with:

• L3/L4 DDoS Protection, unlimited
• WAF
• Bot Protection (signature based)
• API protection
• Rate Limiting

The architecture

The users will connect to F5 XC Global Network where the application is exposed (exposed on all F5 XC pops all over the world), and F5 XC multi-cloud networking solution will route the traffic to the application hosted in Azure in the example above (or in the Datacenter)

To do so, a F5 XC Mesh Node has been deployed automatically by the F5 XC console in Azure tenant and is directly connected (vnet subnet) with the application.

Solution overview and services offered

F5 XC WAAP offers by default

• 1 anycast VIP
• 1 Distributed LB
• 2 Delegated DNS domain
• Unlimited L3/L4 protection
• WAAP protection
  • WAF Policy (based on BIG-IP and Nginx WAF engine)
  • Bot Signature protection
  • API Protection (Swagger enforcement)

But more advanced services are available

• Advanced Bot Protection (Shape)
• Advanced API Protection with API discovery
• Malicious User Detection and Mitigation (AI/ML)

Use Case video

In this video, we explain in details this use case and the solution.