Lab 1: Deploying F5 Distributed Cloud Proxy Services to Securely Deliver a Public Endpoint

You just landed a new role and your company needs you to deploy an application. They want to use F5 Distributed Cloud (F5 XC) for its access and availability globally. The developers inform you that the application lives in both AWS and in Azure.

In this lab you will create a global application load balancer with an ingress endpoint on an F5 XC Regional Edge (RE) and configure it with an origin server using the application’s public IP in Azure. Additionally, as you test the application, you’ll use the F5 XC Console to view telemetry data. The final task will be to add a Web Application Firewall (WAF) policy to protect the application from malicious attacks, and then observe the security events generated by the WAF.

This lab focuses on the deployment and security of an existing hosted application using F5 XC Platform and Services. This lab will be deployed in a SaaS-only configuration with no on-premises (public or private datacenter) elements. All configuration will be made via the F5 XC Console.

For the tasks that follow, you should have already noted your individual namespace. If you did not, return to the Introduction section of this lab and follow the instructions there to note your namespace. The DNS Domain and the F5 XC Tenant are listed below for your convenience, as they will be the same for all lab attendees.


Following the tasks in the prior Introduction section, you should now be able to access the F5 Distributed Cloud Console, having set your Work Domain Roles and Skill levels. If you have not done so already, please log in to your tenant for this lab and proceed to Task 1.

Task 1: Configure Load Balancer and Origin Pool

The following steps will allow you to deploy and advertise a globally available application. These steps will create an origin pool, add a health monitor, define an application, register its DNS, and advertise the application on the Internet using the F5 Distributed Cloud Global Network.

1. Following the Introduction section instructions, you should now be in the Multi-Cloud App Connect workspace. If for some reason you are not in Multi-Cloud App Connect, use Select Workspace in the left-hand navigation, and choose Multi-Cloud App Connect as shown in the Introduction section, Task 2, Step 9.

  2. In the left-hand navigation expand Manage and click Load Balancers > Origin Pools.

  3. In the resulting screen click Add Origin Pool as shown.

Note

You have been defaulted to your specific namespace as this is the only namespace to which you have administrative access.


  4. In the resulting window, enter <namespace>-pool in the Name field and click Add Item under Origin Servers.


  5. In the resulting window, Public DNS Name of Origin Server should be selected for Select Type of Origin Server.

  6. For DNS Name enter the following hostname: demo-app.amer.myedgedemo.com and then click Apply.


  7. After returning to the prior window, change the Port under Origin server Port to 80.

  8. Scroll to the bottom and click Save and Exit.


  9. In the left-hand navigation expand Manage and click Load Balancers > HTTP Load Balancers.

  10. In the resulting screen click Add HTTP Load Balancer as shown.


  11. Using the left-hand navigation and in the sections as shown, enter the following data. Where a value includes <namespace>, use the name of your given namespace.

    • Metadata

      Name: <namespace>-lb

    • Domains and LB Type

      Domains: <namespace>.lab-sec.f5demos.com

      Load Balancer Type: HTTP

      Automatically Manage DNS Records: [X] (Check the checkbox)

      HTTP Listen Port Choice: HTTP Listen Port

      HTTP Listen Port: 80


  12. In the current window’s left-hand navigation, click Origins. Next, click Add Item in the Origins section.


  13. In the resulting window, verify Origin Pool is selected for Select Origin Pool Method.

  14. Select the <namespace>/<namespace>-pool from the Origin Pool dropdown.

  15. Click Apply.


  16. In the resulting HTTP Load Balancer window, scroll to the Other Settings section and note the VIP Advertisement setting.

Note

The VIP Advertisement selection controls how/where the application is advertised. The “Internet” setting means that this application will be advertised globally using the F5 Distributed Cloud Global Network utilizing Anycast.

  17. Click Save and Exit at the bottom of the HTTP Load Balancer configuration screen.


  18. In the HTTP Load Balancers window, note the application hostname under the Domains column (this was set in Task 1: Step 11).


Task 2: Testing the Application and Viewing Telemetry Data

The following steps will validate access to the application via web browser, review the Performance Monitoring dashboard, and gather request details.

  1. Open another tab in your browser (Chrome shown) and navigate to the newly configured load balancer at http://<namespace>.lab-sec.f5demos.com to confirm it is functional.

  2. Navigate to the HEADER section under Menu to generate additional traffic.


  3. Returning to the F5 Distributed Cloud Console, use the left-hand navigation to navigate to the Multi-Cloud App Connect section and click Performance.

  4. Scroll to the Load Balancers section of the page and click the link for your respective load balancer.


  5. Change the viewable time period from Last 5 minutes (default) to 1 hour by selecting the dropdown shown, clicking Last 1 hour, and then clicking Apply.

  6. Note the End to end Latency tile. This shows the average latency for all requests to this load balancer.

Note

As you have not run many requests, summary analytics may not be available in the dashboard view yet.


  7. Click the Requests link to see detailed information about individual requests.

  8. Note the Chart shows a graphical representation of all of the response codes for the selected time frame.

Note

This data can be filtered to quickly narrow in on points of interest.


  9. Click the Hide Chart link to free up space in the browser window.

  10. Expand one of the individual requests to view additional details about that request.

  11. Note the Duration section. This shows the latency for this specific request. These values can be compared to the average latency data noted in step 6.


Task 3: Add an Application Firewall Policy to Protect the Application

The following steps will guide you through adding a Web Application Firewall (WAF) Policy.

These steps will apply a preconfigured WAF policy to the load balancer created in Task 1.

  1. Following Task 2, you should have the Multi-Cloud App Connect navigation panel on the left of your console. If for some reason you do not see the Multi-Cloud App Connect navigation panel, use the Select Workspace dropdown at the top left, and click Multi-Cloud App Connect as shown in the Introduction section, Task 2, Step 9.

  2. In the left-hand navigation expand Manage and click Load Balancers > HTTP Load Balancers

  3. On the resulting page find the HTTP Load Balancer created in Task 1 (<namespace>-lb). Click the ellipsis under Actions and select Manage Configuration.


  4. On the resulting page click Edit Configuration.

  5. Click Web Application Firewall in the left-hand navigation.


  6. Under the Web Application Firewall section select Enable from the Web Application Firewall (WAF) dropdown.

  7. Select the preconfigured Web Application Firewall (shared/base-appfw) from the Enable dropdown.

  8. Scroll to the bottom of the page and click Save and Exit.


Task 4: Test the Application Firewall and View Security Events

The following steps will test and validate the Web Application Firewall, review the Security Monitoring dashboard, and gather security event details.

  1. Open another tab in your browser (Chrome shown) and navigate to the newly configured load balancer at http://<namespace>.lab-sec.f5demos.com to confirm it is functional.

  2. Using some of the sample attacks below, add the URI path & variables to your application to generate security event data.

    • /?cmd=cat%20/etc/passwd

    • /product?id=4%20OR%201=1

    • /cart?search=aaa'><script>prompt('Please+enter+your+password');</script>

Note

The web application firewall is blocking these requests to protect the application. The block page can be customized to provide additional information.


  3. Returning to the F5 Distributed Cloud Console, use the left-hand navigation to navigate to the Multi-Cloud App Connect section and click Performance.

  4. Scroll to the Load Balancers section of the page and click the link for your respective load balancer.


  5. Click the Performance Monitoring dropdown at the top of the page and select Security Monitoring.


  6. From the Dashboard view, using the horizontal navigation, click Security Analytics.

  7. Note the Chart shows a graphical representation of all of the response codes for the selected time frame.

Note

If you lost your 1 Hour Filter, re-apply using Task 2: Step 5


  8. Click the Hide Chart link to free up space in the browser window.

  9. Expand your latest security event as shown.

  10. Note the summary detail provided in the Information link. The req_id is synonymous with the Support ID (filterable) from the block page.

  11. Scroll to the bottom of the information screen to see specific signatures detected and actions taken during the security event.

Note

Note that Requests have additional detail in JSON format


  12. Scroll back to the top and on the right-hand side under Actions click “…”. Now click “Explain with AI”. F5 Distributed Cloud AI Assistant will provide additional information about the security event including an analysis of the event, recommended follow-up actions, and more detection details should you need to investigate further.
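
The following Python script is an added example, not part of the original lab: it sends the three sample requests from Task 4 to your load balancer and extracts the support ID from each block page, so the value can be used to filter on req_id in Security Analytics. The namespace `student1`, the block-page wording matched by the regular expression, and the sample block page are assumptions constructed for illustration.

```python
import re
import urllib.error
import urllib.request
from urllib.parse import quote

# Sample requests from Task 4 of this lab.
SAMPLE_REQUESTS = [
    "/?cmd=cat%20/etc/passwd",
    "/product?id=4%20OR%201=1",
    "/cart?search=aaa'><script>prompt('Please+enter+your+password');</script>",
]
# Assumption: the block page contains "support ID is: <id>"; adjust to your page.
SUPPORT_ID_RE = re.compile(r"support ID is:?\s*([0-9A-Za-z-]{8,})", re.I)
# Constructed block page for offline runs; the ID is made up.
SAMPLE_BLOCK_PAGE = ("<html><body>The requested URL was rejected.<br/>"
                     "Your support ID is: 1f0c2a9e-0000-4000-8000-123456789abc"
                     "</body></html>")


def build_url(namespace, request):
    """Percent-encode unsafe characters, leaving existing %XX escapes alone."""
    path, _, query = request.partition("?")
    host = f"http://{namespace}.lab-sec.f5demos.com"
    return f"{host}{quote(path, safe='/%')}?{quote(query, safe='/=&+%')}"


def http_get(url):
    """GET a URL and return (status, body); error statuses are results too."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def check_waf(namespace, fetch=http_get):
    """Send each sample request and record whether a block page came back."""
    results = []
    for request in SAMPLE_REQUESTS:
        status, body = fetch(build_url(namespace, request))
        found = SUPPORT_ID_RE.search(body)  # blocked is judged by body, not status
        results.append({"request": request, "status": status,
                        "blocked": found is not None,
                        "support_id": found.group(1) if found else None})
    return results


if __name__ == "__main__":
    # Offline demo: a stub returns the constructed block page for every request.
    for row in check_waf("student1", fetch=lambda url: (200, SAMPLE_BLOCK_PAGE)):
        print(row["blocked"], row["support_id"], row["request"])
```

To run it against your own lab load balancer, call `check_waf` with your namespace and no `fetch` argument; any request reported with `blocked` as `False` reached the origin and is worth checking in the Requests view.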


End of Lab 1: This concludes Lab 1. In this lab you created an origin pool to connect to the application, you then created a load balancer and associated the origin pool to the load balancer. This allowed the application to be advertised via the F5 Distributed Cloud Global Network. The Distributed Cloud Console was then used to review telemetry data gathered for the application. Next an Application Firewall policy was assigned to protect the application. Finally a sample attack was run against the application and the security event data was reviewed within the Distributed Cloud Console.
