Building on the previous lessons, we successfully prepared two intentionally vulnerable web applications: the “Hack-It-Yourself PHP Auction” and “DVWA”.

In this section, we will go through the initial setup of the F5 device according to the network topology using a trial license key. We will publish these two web applications via the F5 LTM module. Additionally, we activate the F5 AWAF module, an essential component that will be actively used throughout the course to protect the web applications from potential threats.

Table of Contents

F5 BIG-IP Initial Configuration

The first step is to download the virtual edition of F5 BIG-IP and get a trial key.

I have already downloaded „BIGIP-17.1.0.2-0.0.2.ALL-vmware.ova“, which I will install on VMware ESXi server. I have already received also a trial license.

Then I import the OVA file into VMware ESXi.

The only important point to consider is the hardware provisioning.

We place network interfaces in the appropriate port group based on your VMware network topology and port groups. As it is written, the first network adapter is the management interface, internal, external and HA are the next network interfaces in order.

It is also important to select the right amount of CPU and memory to be able to enable both LTM and AWAF modules. I will change the deployment type to 4 CPU and 8GB RAM.

import F5 BIG-IP OVA into VMware ESXi
import F5 BIG-IP OVA into VMware ESXi
F5 BIG-IP Harware provisioning to enable LTM and AWAF module
F5 BIG-IP Harware provisioning to enable LTM and AWAF module

After importing the OVA file, we wait a few minutes for the machine to load.

The default user name and password for logging into the machine are “root/default”.

The first time you log in, you will be asked to change the root password.

The same password, but with the username admin, is used to log in to the GUI. However, the first time you log in to the GUI, you will be asked to change the GUI password.

F5 BIG-IP console and default username and password
F5 BIG-IP console and default username and password

After you log in to the F5 BIG-IP machine, use the “config mgmt” command to configure the management interface. According to my topology, the IP address of my management interface is “192.168.1.191

F5 AWAF Lab Topology
F5 AWAF Lab Topology
Configure F5 BIG-IP management interface for the first time
Configure F5 BIG-IP management interface for the first time

You need to wait a few minutes for F5 BIG-IP to initialize. You can then log in with the username “admin” and the password you configured for the root user.

The first time you log in, you will be asked to change the GUI admin password. I used the same password again without getting an error message.

login to GUI with admin user and the password that you configured for root user durung inital setup
login to GUI with admin user and the password that you configured for root user durung inital setup
change GUI admin password when you login for the first time
change GUI admin password when you login for the first time

Then we need to activate F5 BIG-IP with the trial key. I enter my trial activation key and choose the manual method to activate the machine. I will copy the given output and paste into the given online link to get a license.

I then copy the license in the license section of the activation page to enable use of the machine.

F5 BIG-IP license activation page
F5 BIG-IP license activation page
copy the ouput and follow the link to get the license
copy the ouput and follow the link to get the license
F5 BIG-IP license activation process
F5 BIG-IP license activation process
F5 BIG-IP license activation process
F5 BIG-IP license activation process
F5 BIG-IP license activation process
F5 BIG-IP license activation process

On the resource provisioning page, we ensure that both LTM and ASM (AWAF) are licensed and provisioned.

F5 BIG-IP LTM and ASM provisioning
F5 BIG-IP LTM and ASM provisioning

On the certificate page we don’t change anything and use the default certificate.

use default certificate for F5 AWAF course
use default certificate for F5 AWAF course

We are then asked to complete the configuration of the platform, including the management IP address, management gateway, host name, time zone and SSH access.

complete F5 BIG-IP platform configuration
complete F5 BIG-IP platform configuration

We disable HA for this course. The configuration of HA is already discussed in the F5 LTM course lesson 17 to 20.

we choose to configure other interfaces
we choose to configure other interfaces
we disable HA for AWAF course
we disable HA for AWAF course

We then continue with the configuration of the internal and external interfaces according to the topology.

For the internal interface we configure the IP address 192.168.10.1/24. We change the port blocking to the default setting so that important traffic such as HA traffic is open to F5 BIG-IP itself. We select the first interface “1.1” as the internal interface.

configure internal interface
configure internal interface

A similar configuration is applied to the external interface, with the IP address 192.168..2.191 and 192.168.2.1 as the gateway. We also select the second interface “1.2” as the external interface.

configure external interface
configure external interface

To see the summary of your F5 BIG-IP initial configuration, you can check the sections „Network > Interfaces > Interface List“ to see the list of interfaces, „Network > Routes“ to see the configured routes, „Network > Self IP“ to see IP address configurations, „Network > VLANs > VLAN List“ to see the list of VLANs and finally „System > Platform“ to review the system and management configuration.

review F5 BIG-IP initial configuration
review F5 BIG-IP initial configuration
review F5 BIG-IP platform configuration
review F5 BIG-IP platform configuration

F5 BIG-IP LTM Virtual Server setup for publishing web applications

After the initial setup of F5, the next step is to publish two vulnerable web applications prepared in the previous lessons via the F5 LTM module.

According to the topology, we have two vulnerable web applications, DVWA with IP address 192.168.10.123 and “Hack-It-Yourself PHP Auction” with IP address 192.168.10.150.

To publish them we use the F5 LTM module. First we create two nodes for these two applications.

configure LTM nodes for vulnerable web applications
configure LTM nodes for vulnerable web applications

We then create two pools for these two applications for the HTTP (port 80) service. We also enable health monitoring with “http” profile.

create a pool for hack-it-yourself php auction web application
create a pool for hack-it-yourself php auction web application
create a pool for DVWA web application
create a pool for DVWA web application

After creating the required pools, we check the section „Local traffic > Pools > Pool List“ to make sure of the availability of the LTM pools.

monitor F5 LTM pools
monitor F5 LTM pools

Finally, we create two virtual servers, one for each application.

According to the topology, we create a virtual server named “php_auction_vs” with IP address 192.168.2.111 and service HTTP.

It is important to enable the “http“ profile of the web application, otherwise we cannot secure it using the F5 AWAF module. We also activate source NAT using “Auto MAP” and assign the configured pool to the virtual server.

create Hack-It-Yourself PHP Auction virtual server
create Hack-It-Yourself PHP Auction virtual server

Another virtual server called “dvwa_vs” with the IP address 192.168.2.112 and the HTTP service.

The rest of the configurations are the same as the previous virtual server.

create DVWA virtual server
create DVWA virtual server

Then we need to make sure that both virtual servers are active. In the section “Local Traffic > Virtual Servers > Virtual Server List”, you can view the list and status of virtual servers.

see the list and status of virtual servers
see the list and status of virtual servers

Now the connection to the web application is expected to be made using the virtual IP addresses 192.168.2.111 and 192.168.2.112.

Connect to the web applications using FQDN

In the final step, we select an FQDN name for each of these two applications so that we can connect to them using their name and not their IP address.

We use „C:\Windows\System32\drivers\etc\hosts“ files to select a name for each of these two web applications.

We choose the name “auction.f5demo.com” for the IP address “192.168.2.111” and the name “dvwa.f5demo.com” for the IP address “192.168.2.112”.

configure a FQDN name for each web application
configure a FQDN name for each web application

Now it is expected that we can connect to web applications through their names instead of IP address.

connect to auction.f5demo.com
connect to auction.f5demo.com
connect to dvwa.f5demo.com
connect to dvwa.f5demo.com
Back to: F5 BIG-IP AWAF (formerly ASM) > F5 AWAF Lab Topology Preperation

Leave a Reply

Your email address will not be published. Required fields are marked *


Post comment