NLB as backend behind an ALB in GCP

nikhildobriyal · 02-18-2024 11:07 PM

Can I provide a TCP Target-pool network load balancer as an backend behind an Appplication Load Balancer in GCP?

I have nginx ingress controller running in my GKE cluster which creates a TCP Target-pool network load balancer for me in GCP.

Now I want to use WAF on my Load balancer but NLB doesn't support WAF, so I am planning to put an Application load balancer in front of my network load balancer.

Is it possible, please suggest any solutions and if there is any better solution, please provide that also?

Marvin_Lucero

Hi @nikhildobriyal,

@nikhildobriyal wrote:

Now I want to use WAF on my Load balancer but NLB doesn't support WAF, so I am planning to put an Application load balancer in front of my network load balancer.

Yes, it is possible to use an ALB in front of a TCP Target-pool network load balancer (NLB) in GCP. The ALB can be used to provide a WAF for your application.

Here's what you can consider doing:

1. Create an ALB in GCP.
2. Configure the ALB to forward requests to your existing TCP target pool NLB.
3. Enable the WAF feature on the ALB.

Here are the important things to remember or configurations you have to keep in mind:
- On the creation part of ALB, in the "Backend Configuration" section, select "Use a custom backend service".
Create a custom backend service and select your existing TCP Target-pool network load balancer (NLB) as the backend.
- In the "Backend Configuration" section of the ALB configuration, select "Use a custom backend service". Create a custom backend service and select your existing TCP Target-pool network load balancer (NLB) as the backend.
- In the "Security" section of the ALB configuration, enable the "Web Application Firewall" option.

Let me know if this helps.