Forum Discussion

Hikmat_385212's avatar
Hikmat_385212
Icon for Nimbostratus rankNimbostratus
Mar 06, 2019
Solved

WAF License and Deployement

I am new at F5 and I

m going to implement F5 WAF only. Before the question, excuse me if I write inadmissible thoughts) 
So I
d like to know Which licenses do I need to activate WAF? Besides it, after buying licenses, which mode should I put it in the network? I just know that reverse proxy mode would be better for my topology, because I`m going to configure WAF for all WEB servers(DMZ,Reserve center DMZ) For the Reverse proxy mode, do I need extra license to buy? I would appreciate if you write comprehensive explanation. Thank you in advance!

ASM Advanced WAF
security
  • AMiles_377865's avatar
    AMiles_377865
    Mar 06, 2019

    Hi Hikmat,

     

    The F5 WAF, or ASM, as they like to call it, can be purchased either as a standalone or as part of the "Best" license.

     

    You don't need any other license to operate the Big-IP as a reverse-proxy; it will serve as a full or half proxy based on network configuration, not licensing.

     

    In order to perform https-to-https redirection, or ssl bridging, you would just need to apply an http profile, and two different ssl profiles, a client ssl profile and a server ssl profile.

     

    That being said, it would probably be best to speak with a sales engineer before making a purchasing decision. They can take a look at your network needs and help find the right product for you.

     

    Best of luck,

     

    Austin

     

3 Replies

Sort By
  • Hikmat_385212's avatar
    Hikmat_385212
    Icon for Nimbostratus rankNimbostratus
    Mar 06, 2019

    By the way, it can be needed https-to-https redirection for certificate which that only WAF will carry certificate.

     

  • AMiles_377865's avatar
    AMiles_377865
    Icon for Cirrocumulus rankCirrocumulus
    Mar 06, 2019

    Hi Hikmat,

     

    The F5 WAF, or ASM, as they like to call it, can be purchased either as a standalone or as part of the "Best" license.

     

    You don't need any other license to operate the Big-IP as a reverse-proxy; it will serve as a full or half proxy based on network configuration, not licensing.

     

    In order to perform https-to-https redirection, or ssl bridging, you would just need to apply an http profile, and two different ssl profiles, a client ssl profile and a server ssl profile.

     

    That being said, it would probably be best to speak with a sales engineer before making a purchasing decision. They can take a look at your network needs and help find the right product for you.

     

    Best of luck,

     

    Austin

     

    • Hikmat_385212's avatar
      Hikmat_385212
      Icon for Nimbostratus rankNimbostratus
      Mar 07, 2019

      Thank you for great explanation. Sure, It will be talked with sales engineer before making decision.But I`ve installed virtual appliance and earlier that buying it, I intend to trial it. Then I should prepare for ASM module and LTM. Thank you a lot!