AWS F5 with Ports redirect
Summary
For this scenario we will use an AWS F5 from Marketplace.
Our instance is a t2.medium with:
two private IPs: 10.2.3.169 (the F5 management IP) and 10.2.3.118 (the IP that receives public traffic through an Elastic IP; in our scenario, 18.198.222.242).
security group rules:
  allow from internal: 9444
  allow from external: 443, 8544, 8944, 9987
Domains and ports:
  dev9int.verdiumid-dev.com (internal IP, defined in internal DNS)
    -> 9444 - websecadmin
  dev9.veridiumid-dev.com (external IP, defined in AWS DNS)
    -> 443 - bops
    -> 8544 - dmz
    -> 8944 - shibboleth/idp
    -> 9987 - ssp
  F5 (internal IP)
    -> 8443
Security group rules for F5 instance
| Protocol | Port | Source |
|---|---|---|
| TCP | 443 | 0.0.0.0/0 |
| TCP | 8544 | 0.0.0.0/0 |
| TCP | 8944 | 0.0.0.0/0 |
| TCP | 9987 | 0.0.0.0/0 |
| TCP | 9444 | OUR_INTERN_NETWORK |
| TCP | 22 | OUR_INTERN_NETWORK |
| TCP | 8443 | OUR_INTERN_NETWORK |
| TCP | 9444 | WEBAPP_INTERN_NETWORK |
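
An added example, not part of the original page: a Python check that audits an `IpPermissions` list (the shape printed by `aws ec2 describe-security-groups`) against the F5 table above, flagging any world-open rule that exposes 22, 8443 or 9444 or opens anything beyond the four published ports. The function and variable names are hypothetical, the sample rules are constructed, and 10.0.0.0/8 is an assumed stand-in for OUR_INTERN_NETWORK.

```python
import ipaddress

# Ports taken from the F5 security group table on this page.
PUBLIC_PORTS = {443, 8544, 8944, 9987}   # source 0.0.0.0/0
INTERNAL_ONLY_PORTS = {22, 8443, 9444}   # source: internal networks only

def audit_f5_ingress(ip_permissions):
    """Return findings for world-open rules that deviate from the table.

    ip_permissions has the IpPermissions shape printed by
    `aws ec2 describe-security-groups`.
    """
    findings = []
    for perm in ip_permissions:
        proto = perm.get("IpProtocol")
        if proto == "-1":                      # all protocols, all ports
            lo, hi = 0, 65535
        elif proto == "tcp":
            lo, hi = perm["FromPort"], perm["ToPort"]
        else:
            lo = hi = None                     # the table lists TCP only
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            if ipaddress.ip_network(cidr, strict=False).prefixlen != 0:
                continue                       # restricted source, not world-open
            if lo is None:
                findings.append(f"unexpected protocol {proto} open to {cidr}")
                continue
            exposed = [p for p in sorted(INTERNAL_ONLY_PORTS) if lo <= p <= hi]
            for port in exposed:
                findings.append(f"internal-only port {port} open to {cidr}")
            if not exposed and not (lo == hi and lo in PUBLIC_PORTS):
                findings.append(f"unexpected public range {lo}-{hi} open to {cidr}")
    return findings

def _rule(port_from, port_to, cidr):
    """Build one constructed TCP rule in IpPermissions shape."""
    key, field = ("Ipv6Ranges", "CidrIpv6") if ":" in cidr else ("IpRanges", "CidrIp")
    return {"IpProtocol": "tcp", "FromPort": port_from, "ToPort": port_to, key: [{field: cidr}]}

# Constructed sample data; 10.0.0.0/8 stands in for OUR_INTERN_NETWORK.
AS_DOCUMENTED = [_rule(p, p, "0.0.0.0/0") for p in sorted(PUBLIC_PORTS)] + \
                [_rule(p, p, "10.0.0.0/8") for p in sorted(INTERNAL_ONLY_PORTS)]
DRIFTED = [_rule(8443, 8443, "0.0.0.0/0"), _rule(9000, 9999, "::/0"), _rule(80, 80, "0.0.0.0/0")]

if __name__ == "__main__":
    for name, rules in (("as documented", AS_DOCUMENTED), ("drifted", DRIFTED)):
        print(name, audit_f5_ingress(rules) or "OK")
```

A port range is flagged as soon as it covers one internal-only port, even when it also covers a published one such as 9987.
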
Security group rules for Webapp instance
| Protocol | Port | Source |
|---|---|---|
| TCP | 443 | 10.2.3.118 / 10.2.3.169 (F5 IPs) |
| TCP | 8544 | 10.2.3.118 / 10.2.3.169 (F5 IPs) |
| TCP | 8944 | 10.2.3.118 / 10.2.3.169 (F5 IPs) |
| TCP | 9987 | 10.2.3.118 / 10.2.3.169 (F5 IPs) |
| TCP | 9444 | 10.2.3.118 / 10.2.3.169 (F5 IPs) |
| TCP | 22 | OUR_INTERN_NETWORK |