Changes from 10 commits
3 changes: 3 additions & 0 deletions content/includes/dos/dockerfiles/alpine-ebpf-manager.md
@@ -1,4 +1,7 @@
---
nd-product: F5DOSN
nd-files:
- content/nap-dos/deployment-guide/kubernetes-with-L4-accelerated-mitigation..md
---

```dockerfile
3 changes: 3 additions & 0 deletions content/includes/dos/dockerfiles/amazon-ebpf-manager.md
@@ -1,4 +1,7 @@
---
nd-product: F5DOSN
nd-files:
- content/nap-dos/deployment-guide/kubernetes-with-L4-accelerated-mitigation..md
---

```dockerfile
3 changes: 3 additions & 0 deletions content/includes/dos/dockerfiles/amazon-plus-dos-waf.md
@@ -1,4 +1,7 @@
---
nd-product: F5DOSN
nd-files:
- content/nap-dos/deployment-guide/learn-about-deployment.md
---

```dockerfile
3 changes: 3 additions & 0 deletions content/includes/dos/dockerfiles/debian-ebpf-manager.md
@@ -1,4 +1,7 @@
---
nd-product: F5DOSN
nd-files:
- content/nap-dos/deployment-guide/kubernetes-with-L4-accelerated-mitigation..md
Contributor Author

The file is really named like this.

---

```dockerfile
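Review bot: the `nd-files` entry in this front matter ends in `mitigation..md`, with two dots before the extension. If that is the file's actual name, renaming it to a single dot first would be cleaner than adding more references to the odd name, because every include in this PR that lists the path has to be updated again if the file is renamed later.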
3 changes: 3 additions & 0 deletions content/includes/dos/dockerfiles/debian-plus-dos-waf.md
@@ -1,4 +1,7 @@
---
nd-product: F5DOSN
nd-files:
- content/nap-dos/deployment-guide/learn-about-deployment.md
---

```dockerfile
4 changes: 4 additions & 0 deletions content/includes/dos/dockerfiles/debian-plus-dos.md
@@ -1,5 +1,9 @@
---
nd-product: F5DOSN
nd-files:
- content/nap-dos/deployment-guide/learn-about-deployment.md
- content/nap-dos/deployment-guide/kubernetes.md
- content/nap-dos/deployment-guide/kubernetes-with-L4-accelerated-mitigation..md
---

```dockerfile
3 changes: 3 additions & 0 deletions content/includes/dos/dockerfiles/rhel10-ebpf-manager.md
@@ -1,4 +1,7 @@
---
nd-product: F5DOSN
nd-files:
- content/nap-dos/deployment-guide/kubernetes-with-L4-accelerated-mitigation..md
---

```dockerfile
4 changes: 4 additions & 0 deletions content/includes/dos/dockerfiles/rhel10-plus-dos.md
@@ -1,5 +1,9 @@
---
nd-product: F5DOSN
nd-files:
- content/nap-dos/deployment-guide/learn-about-deployment.md
- content/nap-dos/deployment-guide/kubernetes.md
- content/nap-dos/deployment-guide/kubernetes-with-L4-accelerated-mitigation..md
---

```dockerfile
3 changes: 3 additions & 0 deletions content/includes/dos/dockerfiles/rhel8-ebpf-manager.md
@@ -1,4 +1,7 @@
---
nd-product: F5DOSN
nd-files:
- content/nap-dos/deployment-guide/kubernetes-with-L4-accelerated-mitigation..md
---

```dockerfile
3 changes: 3 additions & 0 deletions content/includes/dos/dockerfiles/rhel9-ebpf-manager.md
@@ -1,4 +1,7 @@
---
nd-product: F5DOSN
nd-files:
- content/nap-dos/deployment-guide/kubernetes-with-L4-accelerated-mitigation..md
---

```dockerfile
3 changes: 3 additions & 0 deletions content/includes/dos/dockerfiles/rocky9-ebpf-manager.md
@@ -1,4 +1,7 @@
---
nd-product: F5DOSN
nd-files:
- content/nap-dos/deployment-guide/kubernetes-with-L4-accelerated-mitigation..md
---

```dockerfile
3 changes: 3 additions & 0 deletions content/includes/dos/dockerfiles/ubuntu-ebpf-manager.md
@@ -1,4 +1,7 @@
---
nd-product: F5DOSN
nd-files:
- content/nap-dos/deployment-guide/kubernetes-with-L4-accelerated-mitigation..md
---

```dockerfile
29 changes: 15 additions & 14 deletions content/includes/dos/dos-arbitrator.md
@@ -1,31 +1,32 @@
---
nd-docs: null
nd-product: F5DOSN
nd-files:
- content/nap-dos/deployment-guide/kubernetes.md
- content/nap-dos/deployment-guide/kubernetes-with-L4-accelerated-mitigation..md
- content/nap-dos/deployment-guide/learn-about-deployment.md
---
## F5 DoS for NGINX Arbitrator

### Overview

F5 DoS for NGINX arbitrator orchestrates all the running F5 DoS for NGINX instances to synchronize local/global attack start/stop.
F5 DoS for NGINX Arbitrator orchestrates all running F5 DoS for NGINX instances to synchronize local and global attack start and stop.

F5 DoS for NGINX arbitrator serves as a central coordinating component for managing multiple instances of App Protect DoS in a network. It is needed when there are more than one F5 DoS for NGINX instances. Its primary function is to ensure that all instances are aware of and share the same state for each protected object. Here's a clearer breakdown of how it works and why it's necessary:
F5 DoS for NGINX Arbitrator is a central coordinating component for managing multiple F5 DoS for NGINX instances in a network. It is needed when there is more than one F5 DoS for NGINX instance. Its primary function is to ensure that all instances are aware of and share the same state for each protected object.

How F5 DoS for NGINX Arbitrator Works:
### How the Arbitrator works

- **Collecting State Periodically**: The arbitrator regularly collects the state information from all running instances of App Protect DoS. This collection occurs at set intervals, typically every 10 seconds.
- **State Initialization for New Instances**: When a new App Protect DoS instance is created, it doesn't start with a blank or uninitialized state for a protected object. Instead, it retrieves the initial state for the protected object from the arbitrator.
- **Updating State in Case of an Attack**: If an attack is detected by one of the App Protect DoS instances, that instance sends an attack notification to the arbitrator. The arbitrator then updates the state of the affected protected object to indicate that it is under attack. Importantly, this updated state is propagated to all other instances.
- **Collecting state periodically**: The Arbitrator regularly collects state information from all running F5 DoS for NGINX instances. This collection occurs at set intervals, typically every 10 seconds.
- **State initialization for new instances**: When a new F5 DoS for NGINX instance starts, it retrieves the initial state for each protected object from the Arbitrator rather than starting with an empty state.
- **Updating state during an attack**: When an F5 DoS for NGINX instance detects an attack, it sends a notification to the Arbitrator. The Arbitrator updates the state of the affected protected object and propagates that state to all other instances.

### Why F5 DoS for NGINX Arbitrator is Necessary
### Why F5 DoS for NGINX Arbitrator is necessary

F5 DoS for NGINX Arbitrator is essential for several reasons:

- **Global State Management**: Without the arbitrator, each individual instance of App Protect DoS would manage its own isolated state for each protected object. This isolation could lead to inconsistencies. For example, if instance A declared an attack on a protected object named "PO-Example," instance B would remain unaware of this attack, potentially leaving the object vulnerable.
- **Uniform Attack Detection**: With the arbitrator in place, when instance A detects an attack on "PO-Example" and reports it to the arbitrator, the state of "PO-Example" is immediately updated to indicate an attack. This means that all instances, including instance B, are aware of the attack and can take appropriate measures to mitigate it.
- **Global state management**: Without the Arbitrator, each F5 DoS for NGINX instance manages its own isolated state for each protected object. This can lead to inconsistencies. For example, if instance A declares an attack on a protected object named "PO-Example," instance B remains unaware of it, potentially leaving the object vulnerable.
- **Uniform attack detection**: With the Arbitrator, when instance A detects an attack on "PO-Example" and reports it, the Arbitrator updates the state of "PO-Example" and propagates it to all instances, including instance B.

In summary, F5 DoS for NGINX Arbitrator acts as a central coordinator to maintain a consistent and up-to-date global state for protected objects across multiple instances of App Protect DoS. This coordination helps ensure that attacks are properly detected and mitigated, and that knowledge gained by one instance is efficiently shared with others, enhancing the overall security of the network.
F5 DoS for NGINX Arbitrator maintains a consistent global state for protected objects across all F5 DoS for NGINX instances. This ensures attacks are detected and mitigated uniformly across your deployment.


### F5 DoS for NGINX Arbitrator Deployment
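Review bot: heading case is now mixed within this file. The rewritten headings use sentence case ("### How the Arbitrator works", "### Why F5 DoS for NGINX Arbitrator is necessary"), while the unchanged "### F5 DoS for NGINX Arbitrator Deployment" at the end of this hunk keeps title case; converting it in the same pass would keep the include consistent. The unchanged lead-in "is essential for several reasons:" also now introduces only two short bullets and could be trimmed to match the tightened text around it.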
Expand All @@ -49,9 +50,9 @@ In summary, F5 DoS for NGINX Arbitrator acts as a central coordinator to maintai

### Multi-VM Deployment

The Arbitrator service is standalone. Once it is down, it can be seamlessly re-started. It will immediately recover all the needed information from F5 DoS for NGINX instances that communicate to it every 10 sec. It’s downtime is around 10-20 seconds which will not affect the F5 DoS for NGINX working.
The Arbitrator service is standalone. If it goes down, it can be restarted and immediately recovers all required information from F5 DoS for NGINX instances, which report to it every 10 seconds. Its downtime is around 10 to 20 seconds, which does not affect F5 DoS for NGINX operation.

F5 DoS for NGINX Arbitrator service connects to port 3000 and can be seen under App Protect DoS instances. All modules try to connect to this service automatically. If its not accessible, each instance works in standalone mode.
F5 DoS for NGINX Arbitrator connects to port 3000. All modules try to connect to it automatically. If it's not accessible, each instance operates in standalone mode.

There is no such option for authentications between F5 DoS for NGINX servers and Arbitrator service like MTLS or password . Currently Arbitrator service is not exposed outside of the namespace. It is customers responsibility to isolate it from outside. It is applicable to any deployment of Arbitrator, not only to multi-VM.
F5 DoS for NGINX does not support mutual TLS (mTLS) or password authentication between DoS servers and the Arbitrator. Arbitrator is not exposed outside the namespace. It is the customer's responsibility to isolate it from external access. This applies to all Arbitrator deployments, not only multi-VM.
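Review bot: the rewritten security paragraph under "### Multi-VM Deployment" reads as a guarantee where the old text was a qualified statement. "Arbitrator is not exposed outside the namespace" drops "Currently" and uses a Kubernetes term in a section about VMs, while the last sentence says the paragraph applies to all deployments. Since the same paragraph states there is no mTLS or password authentication, it would help to scope the namespace sentence to Kubernetes and say plainly that access to port 3000 must be limited to the F5 DoS for NGINX instances. The new "connects to port 3000" also carries over the old wording; because the modules connect to the Arbitrator, "listens on port 3000" is probably what is meant.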

2 changes: 1 addition & 1 deletion content/includes/dos/dos-entrypoint.md
@@ -1,5 +1,5 @@
---
nd-docs: null
nd-product: F5DOSN
nd-files:
- content/nap-dos/deployment-guide/learn-about-deployment.md
- content/nap-dos/deployment-guide/kubernetes.md
4 changes: 1 addition & 3 deletions content/includes/dos/dos-waf-entrypoint.md
@@ -1,9 +1,7 @@
---
nd-docs: null
nd-product: F5DOSN
nd-files:
- content/nap-dos/deployment-guide/learn-about-deployment.md
- content/nap-dos/deployment-guide/kubernetes.md
- content/nap-dos/deployment-guide/kubernetes-with-L4-accelerated-mitigation..md
---


6 changes: 3 additions & 3 deletions content/includes/dos/install-post-checks.md
@@ -1,5 +1,5 @@
---
nd-docs: null
nd-product: F5DOSN
nd-files:
- content/nap-dos/deployment-guide/learn-about-deployment.md
- content/nap-dos/deployment-guide/kubernetes.md
Expand Down Expand Up @@ -36,7 +36,7 @@ You can run the following commands to ensure that F5 DoS for NGINX enforcement i
2025/12/07 09:14:34 [notice] 679#679: APP_PROTECT_DOS { "event": "shared_memory_connected", "worker_pid": 679, "mode": "operational", "mode_changed": true }
```

3. Check that by applying an attack, the attacker IP addresses are blocked while the good traffic pass through:
3. Verify that when you simulate an attack, attacker IP addresses are blocked while legitimate traffic passes through:

a. Simulate good traffic:

Expand Down Expand Up @@ -64,7 +64,7 @@ You can run the following commands to ensure that F5 DoS for NGINX enforcement i
done
```

c. See that the good traffic continue as usual while the attackers receive denial of service.
c. Verify that legitimate traffic continues as usual while the attack traffic is blocked.

4. For DOS with L4 accelerated mitigation enabled
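Review bot: step c now tells the reader to verify that "the attack traffic is blocked" but gives nothing to check it against. Naming the observable result, such as what the attacking loop receives compared with the legitimate-traffic loop, would make this an actual verification step. The unchanged step 4 line in this hunk still reads "DOS" where the rest of the page uses "DoS" and could be aligned in the same edit.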

Contributor Author

This include isn't actually used anywhere.

@@ -1,4 +1,5 @@
---
nd-product: F5DOSN
---

```appprotect-dos-arb.yaml
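Review bot: this front matter carries `nd-product` but no `nd-files` list, which matches the include not being referenced by any page. If it really is unused, deleting the file in this PR or in a tracked follow-up would be better than tagging it, since an orphaned manifest include can drift from the manifests the guides actually render.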
Contributor Author

This include isn't actually used anywhere

@@ -1,4 +1,5 @@
---
nd-product: F5DOSN
---

```svc-appprotect-dos-arb.yaml
3 changes: 3 additions & 0 deletions content/includes/dos/k8s_manifest/dos-deployment.md
@@ -1,4 +1,7 @@
---
nd-product: F5DOSN
nd-files:
- content/nap-dos/deployment-guide/kubernetes.md
---

```dos-deployment.yaml
@@ -1,4 +1,7 @@
---
nd-product: F5DOSN
nd-files:
- content/nap-dos/deployment-guide/kubernetes.md
---

```dos-log-default-configmap.yaml
3 changes: 3 additions & 0 deletions content/includes/dos/k8s_manifest/dos-namespace.md
@@ -1,4 +1,7 @@
---
nd-product: F5DOSN
nd-files:
- content/nap-dos/deployment-guide/kubernetes.md
---

```dos-namespace.yaml
@@ -1,4 +1,7 @@
---
nd-product: F5DOSN
nd-files:
- content/nap-dos/deployment-guide/kubernetes.md
---

```dos-nginx-conf-configmap.yaml
Expand Down Expand Up @@ -61,7 +64,7 @@ data:

access_log /var/log/nginx/access.log log_dos if=$loggable;
app_protect_dos_security_log_enable on;
app_protect_dos_security_log "/etc/app_protect_dos/log-default.json" syslog:server=10.197.30.219:5261;
app_protect_dos_security_log "/etc/app_protect_dos/log-default.json" syslog:server=<syslog-server-ip>:<port>;
app_protect_dos_policy_file "/etc/app_protect_dos/BADOSDefaultPolicy.json";

location / {
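Review bot: the `<syslog-server-ip>:<port>` placeholder on the `app_protect_dos_security_log` line is not a usable address, and it sits inside a ConfigMap that readers are likely to copy and apply unchanged. The guide that renders this include should tell readers to substitute their own syslog destination before applying the manifest, or the line should carry a short comment saying so.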
3 changes: 3 additions & 0 deletions content/includes/dos/k8s_manifest/dos-service.md
@@ -1,4 +1,7 @@
---
nd-product: F5DOSN
nd-files:
- content/nap-dos/deployment-guide/kubernetes.md
---

```dos-service.yaml
@@ -1,4 +1,7 @@
---
nd-product: F5DOSN
nd-files:
- content/nap-dos/deployment-guide/kubernetes-with-L4-accelerated-mitigation..md
---

```dos-deployment.yaml
@@ -1,4 +1,7 @@
---
nd-product: F5DOSN
nd-files:
- content/nap-dos/deployment-guide/kubernetes-with-L4-accelerated-mitigation..md
---

```dos-log-default-configmap.yaml
@@ -1,4 +1,7 @@
---
nd-product: F5DOSN
nd-files:
- content/nap-dos/deployment-guide/kubernetes-with-L4-accelerated-mitigation..md
---

```dos-namespace.yaml
@@ -1,4 +1,7 @@
---
nd-product: F5DOSN
nd-files:
- content/nap-dos/deployment-guide/kubernetes-with-L4-accelerated-mitigation..md
---

```dos-nginx-conf-configmap.yaml
Expand Down Expand Up @@ -62,7 +65,7 @@ data:

access_log /var/log/nginx/access.log log_dos if=$loggable;
app_protect_dos_security_log_enable on;
app_protect_dos_security_log "/etc/app_protect_dos/log-default.json" syslog:server=10.197.30.219:5261;
app_protect_dos_security_log "/etc/app_protect_dos/log-default.json" syslog:server=<syslog-server-ip>:<port>;
app_protect_dos_policy_file "/etc/app_protect_dos/BADOSDefaultPolicy.json";

location / {
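Review bot: the address removed from the `app_protect_dos_security_log` line, `10.197.30.219:5261`, is a private 10.0.0.0/8 address, and it appeared identically in both the `k8s_manifest` and `k8s_with_ebpf_manifest` copies of this ConfigMap. It is worth searching the rest of the docs tree for the same value before merging, so that no other include still publishes it.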
3 changes: 3 additions & 0 deletions content/includes/dos/k8s_with_ebpf_manifest/dos-service.md
@@ -1,4 +1,7 @@
---
nd-product: F5DOSN
nd-files:
- content/nap-dos/deployment-guide/kubernetes-with-L4-accelerated-mitigation..md
---

```dos-service.yaml