For each application that will be protected by the Broker, change the appropriate DNS entries so that they resolve to the Secfense Broker IP address. Further configuration in the Broker directs traffic to the application servers.
Keep in mind that client sessions are terminated on the Broker, which means any TLS termination also happens there. Add the Secfense CA to the trust store or maintain proper certificates in the Application Representation.
In a cluster setup, use both Brokers' IPs in DNS resolution to maintain high availability, or set up VRRP.
In order to prepare a test deployment, use a temporary test domain name.
Inline, with load balancer:
For this setup, no changes need to be made on the frontend of the load balancer. To move traffic to the Broker, replace the nodes in the backend configuration with Secfense servers. TLS is terminated on the load balancer.
To keep high availability in a cluster setup, use load balancer rules to configure an active/standby solution with proper health checks (described further in this guide).
For test purposes, create a new test frontend (independent from production traffic) and use DNS to properly direct test users.
On a stick:
Follow these steps on the load balancer to successfully deploy Secfense Broker “on a stick” for a particular application:
1. Create a new frontend (VIP, Vserver, depending on the type of load balancer) that is reachable only by Secfense Broker. Configure its backend the same as the production frontend (forward traffic to the application servers).
2. Create a pool that includes the Broker servers. To maintain high availability, use proper health checks and an active/standby configuration.
3. To test the setup without impacting production traffic, create a separate test frontend for the application (with the same settings as the production frontend, but with a different IP). Direct traffic from this frontend to the newly created pool of Secfense Brokers. You can use DNS to direct test users to this test frontend.
4. While configuring the application in the Broker GUI, use the frontend created in step 1 as the upstream URL.
After these steps you should have a fully functional test environment for a single application.
To move the above setup to production, change the backend in the production frontend to the Broker backend. After this change, all users should have the same experience as the users testing the setup from point 4.
To roll back the production change, restore the original backend in the production frontend.
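The "on a stick" steps above, sketched as an added example that is not part of the original guide or Secfense's own configuration. It assumes HAProxy as the load balancer; all section names, ports and addresses (RFC 5737 documentation ranges) are placeholders, TLS settings are omitted, and the plain TCP `check` stands in for the health check the guide describes later.

```haproxy
# Constructed example: every name and address below is a placeholder.
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# Step 1: frontend reachable only by the Brokers, with the same backend
# as production. Requests from any other source address are denied.
frontend fe_app_from_broker
    bind 192.0.2.20:8080
    acl from_broker src 198.51.100.11 198.51.100.12
    http-request deny unless from_broker
    default_backend be_app_servers

backend be_app_servers
    server app1 203.0.113.31:8080 check
    server app2 203.0.113.32:8080 check

# Step 2: Broker pool in active/standby. The "backup" server receives
# traffic only when broker1 fails its check.
backend be_brokers
    server broker1 198.51.100.11:80 check
    server broker2 198.51.100.12:80 check backup

# Step 3: test frontend on a different IP, routed through the Brokers.
frontend fe_app_test
    bind 192.0.2.30:80
    default_backend be_brokers

# Step 4 (Broker GUI): upstream URL = http://192.0.2.20:8080

# Production frontend. Changing default_backend to be_brokers moves
# production through the Brokers; restoring be_app_servers is the rollback.
frontend fe_app_prod
    bind 192.0.2.10:80
    default_backend be_app_servers
```

The source ACL on the step 1 frontend is what keeps clients from reaching the application servers without passing through the Broker.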