F5 Distributed Cloud > F5 Distributed Cloud Automation - NetOps, DevOps, SecOps and Beyond Source | Edit on

Lab 2: Operationalize Security Configurations¶

The following lab tasks will guide you through using Postman to modify an existinga HTTP Load Balancer deployment to apply a Web Application Firewall and Service Policy configuration. This lab demonstrates the use of the PUT method to modify an existing object in Distributed Cloud. Students will then use the DELETE method to delete the objects created in Lab 1 and Lab 2 in prepration for Lab 3.

Expected Lab Time: 20 minutes

Task 1: Create & Attach WAAP Policy¶

In this task, you will use Postman to create an Application Firewall policy with the default settings. Postman will then be used to attach the Application Firewall to the HTTP Load Balancer created in Lab 1.

This lab will begin back in the Windows 10 client deployed as part of the UDF.

Create an Application Firewall and Apply It to Your Application Load Balancer Via Postman
Return to Postman. In the workspace pane, expand Appworld - XC Automation if it isn’t already, then click on Create App Firewall, and click on Body to review the raw JSON content.
Click Send to POST the JSON to the Distributed Cloud API.
Review the results in the Body section of Postman. You should see a 200 OK response code.
From Postman, in the workspace pane click on Add App FW to HTTP Load Balancer, click on Body, and review the raw JSON content.
Click Send to PUT the JSON to the Distributed Cloud API.
Review the results in the Body section of Postman. You should see a 200 OK response code. Note Since you are modifying an existing object, you use the PUT method here instead of the POST method.

Create an Application Firewall and Apply It to Your Application Load Balancer Via Postman

Return to Postman. In the workspace pane, expand Appworld - XC Automation if it isn’t already,

then click on Create App Firewall, and click on Body to review the raw JSON content.

Click Send to POST the JSON to the Distributed Cloud API.

Review the results in the Body section of Postman. You should see a 200 OK response code.

From Postman, in the workspace pane click on Add App FW to HTTP Load Balancer, click on Body,

and review the raw JSON content.

Click Send to PUT the JSON to the Distributed Cloud API.

Review the results in the Body section of Postman. You should see a 200 OK response code.

Note

Since you are modifying an existing object, you use the PUT method here instead of the POST method.

Verify the Application Firewall Was Created and Applied
From the Windows 10 client deployed as part of the UDF, open Chrome.
Click on the XC Console bookmark to be taken to the XC Console login.
Enter your e-mail address in the Email form and password in the Password form and click Sign In.
Within the Distributed Cloud dashboard, select the Multi-Cloud App Connect tile.
In the resulting screen, expand the Manage menu and click Load Balancers and then select HTTP Load Balancers*.
From the HTTP Load Balancers page, locate the HTTP Load Balancer that you created via Postman. Click the ellipsis under Actions and select Manage Configuration.
From the resulting screen, review the HTTP Load Balancer configuration data and then click JSON.
Review the resulting JSON data. The app_firewall section matches JSON from the body section of Postman PUT that added the Web Application Firewall to the HTTP Load Balancer. Note There may be slight variations in the JSON because you don’t need to post default values when calling the API. If you want to automate a task in Distributed Cloud, but are unsure of the required JSON, you can configure a test object via the GUI and then use this JSON tab to get the corresponding JSON config.
Click Cancel and Exit to close out the Load Balancer configuration.

Verify the Application Firewall Was Created and Applied

From the Windows 10 client deployed as part of the UDF, open Chrome.

Click on the XC Console bookmark to be taken to the XC Console login.

Enter your e-mail address in the Email form and password in the Password form and click Sign

In.

Within the Distributed Cloud dashboard, select the Multi-Cloud App Connect tile.

In the resulting screen, expand the Manage menu and click Load Balancers and then select

HTTP Load Balancers*.

From the HTTP Load Balancers page, locate the HTTP Load Balancer that you created via Postman. Click the

ellipsis under Actions and select Manage Configuration.

From the resulting screen, review the HTTP Load Balancer configuration data and then click JSON.

Review the resulting JSON data. The app_firewall section matches JSON from the body section of

Postman PUT that added the Web Application Firewall to the HTTP Load Balancer.

Note

There may be slight variations in the JSON because you don’t need to post default values when calling the API. If you want to automate a task in Distributed Cloud, but are unsure of the required JSON, you can configure a test object via the GUI and then use this JSON tab to get the corresponding JSON config.

Click Cancel and Exit to close out the Load Balancer configuration.

Task 2: Create & Attach a Service Policy¶

In this task, you will use Postman to create a Service Policy that only allows specific contries to access your application. Postman will then be used to attach the Service Policy to the HTTP Load Balancer created in Lab 1.

Create a Service Policy and Apply It to Your Application Load Balancer Via Postman
Return to Postman, in the workspace pane expand Appworld - XC Automation if it isn’t already, click on Create Service Policy, click on Body, and review the raw JSON content.
Click Send to POST the JSON to the Distributed Cloud API.
Review the results in the Body section of Postman. You should see a 200 OK response code.

Create a Service Policy and Apply It to Your Application Load Balancer Via Postman

Return to Postman, in the workspace pane expand Appworld - XC Automation if it isn’t already,

click on Create Service Policy, click on Body, and review the raw JSON content.

Click Send to POST the JSON to the Distributed Cloud API.

Review the results in the Body section of Postman. You should see a 200 OK response code.

From Postman, in the workspace pane click on Add Service Policy to HTTP Load Balancer, click on

Body, and review the raw JSON content.

Click Send to PUT the JSON to the Distributed Cloud API.

Review the results in the Body section of Postman. You should see a 200 OK response code.

Note

Since you are modifying an existing object, you use the PUT method here instead of the POST method.

Verify the Service Policy Was Created and Applied
From the Windows 10 client deployed as part of the UDF, open Chrome.
Click on the XC Console bookmark to be taken to the XC Console login.
Enter your e-mail address in the Email form and password in the Password form and click Sign In.
Within the Distributed Cloud dashboard select the Multi-Cloud App Connect tile.
In the resulting screen, expand the Manage menu and click Load Balancers and then select HTTP Load Balancers*.
From the HTTP Load Balancers page, locate the HTTP Load Balancer that you created via Postman. Click the ellipsis under Actions and select Manage Configuration.
From the resulting screen, review the HTTP Load Balancer configuration data and then click JSON.
Review the resulting JSON data. The app_firewall section matches JSON from the body section of Postman PUT that added the Web Application Firewall to the HTTP Load Balancer. Note There may be slight variations in the JSON because you don’t need to post default values when calling the API. If you want to automate a task in Distributed Cloud, but are unsure of the required JSON, you can configure a test object via the GUI and then use this JSON tab to get the corresponding JSON config.
Click Cancel and Exit to close out the Load Balancer configuration.

Verify the Service Policy Was Created and Applied

From the Windows 10 client deployed as part of the UDF, open Chrome.

Click on the XC Console bookmark to be taken to the XC Console login.

Enter your e-mail address in the Email form and password in the Password form and click Sign

In.

Within the Distributed Cloud dashboard select the Multi-Cloud App Connect tile.

In the resulting screen, expand the Manage menu and click Load Balancers and then select

HTTP Load Balancers*.

From the HTTP Load Balancers page, locate the HTTP Load Balancer that you created via Postman. Click the

ellipsis under Actions and select Manage Configuration.

From the resulting screen, review the HTTP Load Balancer configuration data and then click JSON.

Review the resulting JSON data. The app_firewall section matches JSON from the body section of

Postman PUT that added the Web Application Firewall to the HTTP Load Balancer.

Note

Click Cancel and Exit to close out the Load Balancer configuration.

Task 3: Delete the Objects Created with Postman¶

In this task you, will use Postman to delete the HTTP Load Balancer, Service Policy, App Firewall, Origin Pool, and Health Check. This demonstrates how to use Postman to delete objects when they are no longer needed, and cleans up the environment in prepation for Lab3.

Delete Distributed Cloud Objects Via Postman
Return to Postman, in the workspace pane expand Appworld - XC Automation if it isn’t already, click on Delete HTTP Load Balancer, click on Send.
Review the results in the Body section of Postman. You should see a 200 OK response code.
From Postman, in the workspace pane click on Delete Service Policy and click Send.
Review the results in the Body section of Postman. You should see a 200 OK response code.
From Postman, in the workspace pane click on Delete App Firewall and click Send.
Review the results in the Body section of Postman. You should see a 200 OK response code.
From Postman, in the workspace pane click on Delete Origin Pool and click Send.
Review the results in the Body section of Postman. You should see a 200 OK response code.
From Postman, in the workspace pane click on Delete Health Check and click Send.
Review the results in the Body section of Postman. You should see a 200 OK response code.

Delete Distributed Cloud Objects Via Postman

Return to Postman, in the workspace pane expand Appworld - XC Automation if it isn’t already,

click on Delete HTTP Load Balancer, click on Send.

Review the results in the Body section of Postman. You should see a 200 OK response code.

From Postman, in the workspace pane click on Delete Service Policy and click Send.

Review the results in the Body section of Postman. You should see a 200 OK response code.

From Postman, in the workspace pane click on Delete App Firewall and click Send.

Review the results in the Body section of Postman. You should see a 200 OK response code.

From Postman, in the workspace pane click on Delete Origin Pool and click Send.

Review the results in the Body section of Postman. You should see a 200 OK response code.

From Postman, in the workspace pane click on Delete Health Check and click Send.

Review the results in the Body section of Postman. You should see a 200 OK response code.

End of Lab 2
This concludes Lab 2. In this lab, you learned how to use Postman to create a Web Application Firewall policy and Service Policy. You then used Postman to modify the HTTP Load Balancer you created in Lab 1 and apply the Web Application Firewall and Service policy. Lastly, you used Postman to delete all of the configuration from Lab 1 and Lab 2 in preparation for Lab 3. A brief presentation will be shared prior to the beginning of Lab 3.

End of Lab 2

This concludes Lab 2. In this lab, you learned how to use Postman to create a Web Application Firewall

policy and Service Policy. You then used Postman to modify the HTTP Load Balancer you created in Lab 1 and

apply the Web Application Firewall and Service policy. Lastly, you used Postman to delete all of the

configuration from Lab 1 and Lab 2 in preparation for Lab 3. A brief presentation will be shared prior to the

beginning of Lab 3.

Previous Next