- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have a scenario whereby my Intel EMA Server and my Swarm Server are both located in Azure.
I want to front the Swarm Server with something like the Azure Web Application Firewall or similar.
Is it possible to offload the Intel EMA Traffic before forwarding to the Intel EMA Swarm Server?
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Sylvester,
Thank you for reaching out to us with your query regarding offloading Intel EMA traffic before forwarding it to the Intel EMA Swarm Server using Azure Web Application Firewall (WAF).
Yes, it is possible to offload the Intel EMA traffic before forwarding it to the Intel EMA Swarm Server using Azure WAF or a similar solution. Azure WAF can be configured to act as a reverse proxy, which can inspect and filter incoming traffic before it reaches your Swarm Server.
1. Set up Azure Web Application Firewall (WAF):
o Create an Azure WAF instance and configure it to protect your Swarm Server.
o Ensure that the WAF is set up to handle the specific ports and protocols used by Intel EMA traffic.
2. Configure WAF Rules:
o Define rules to allow or block traffic based on your security requirements.
o Ensure that the rules are configured to forward the allowed traffic to the Swarm Server.
3. Set up Backend Pool:
o Add your Swarm Server to the backend pool of the WAF.
o Configure health probes to monitor the availability of the Swarm Server.
4. Update DNS Settings:
o Update your DNS settings to point to the WAF's public IP address instead of the Swarm Server's IP address.
5. Test the Configuration:
o Verify that the traffic is being correctly offloaded and forwarded to the Swarm Server.
o Check the logs and monitoring tools to ensure that the traffic is being handled as expected.
Potential Impacts:
· Introducing WAF may add some latency to the traffic due to inspection and filtering processes.
· Ensure that the WAF configuration does not inadvertently block legitimate Intel EMA traffic.
Backup Recommendation:
· Before making any changes, take a backup of your current configuration and settings to ensure you can revert if needed.
For more detailed guidance, refer to the Azure WAF documentation and Intel EMA deployment guides.
Best regards,
Vijay N
Intel Product Support Engineer
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Sylvester,
Allow me to add to Vijay's reply. WAF will work with port 443 on Intel EMA server to allow EMA web console users to login to Intel EMA outside of the corporate network. WAF will not work with port 8080 for CIRA connection. CIRA requires end-to-end TLS encryption between server and endpoint at port 8080. WAF terminates TLS encryption from the client and re-establish it with the server. It breaks CIRA communication. Only layer 4 network load balancer is supported between Intel EMA server and endpoint.
Regards,
Jimmy Wai
Technical Sales Specialist, Intel
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Sylvester,
I am following up on the case and wondering if I can help you with anything else.
Best regards,
Vijay N.
Intel Customer Support Technician
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Sylvester,
I am following up on the case and would like to know if I can help you with anything else. Looking forward to your response.
Regards,
Suneesh S
Intel Customer Support Technician
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page