F5 Web Application Firewall Solutions > WAF 201 – Elevated WAF Security Source | Edit on
Lab Environment & Topology¶
Note
All work is done from the Linux Client, which can be accessed via RDP (Windows Remote Desktop). No installation or interaction with your local system is required.
Environment¶
Linux Client:
Web Attack Tools used in this lab:
- BURP Community Edition - Packet Crafting
- curl - command line webclient. Very useful for debugging and request crafting
- Postman - API Development and request crafting
- ab (Apache Bench) - HTTP Load Testing
Linux server:
- JuiceShop - OWASP Juice Shop is probably the most modern and sophisticated insecure web application!
Lab Topology¶
The network topology implemented for this lab is very simple. The following components have been included in your lab environment:
- 1 x Ubuntu Linux 20.04 client
- 1 x F5 BIG-IP VE (v16.1.2.2) running Advanced WAF with IP Intelligence & Threat Campaign Subscription Services.
- 1 x Ubuntu Linux 20.04 server
The following table lists VLANS, IP Addresses and Credentials for all components. The “password” will be provided by your instructor.
| Component | mgt IP | ClientSide IP | ServerSide IP | Credentials |
|---|---|---|---|---|
| Linux Client | 10.1.1.7 | 10.1.10.51 | N/A | rdp-f5student:password |
| BIG-IP | 10.1.1.4 | 10.1.10.245 | 10.1.20.245 | https - admin:password ssh - f5student:password |
| Linux Server | 10.1.1.6 | N/A | 10.1.20.252 | ssh - f5student:password |