An application is published on Internet (Public), to Partners (private network access with an IPsec VPN GW) and to corporate users (Internal, branch office, SSL VPN). The security must be the same accross all access paths (Public, Partner, Internal). The publication on Internet is limited to a set of REs. For example: virtual site of REs in EUrope only.
A Load Balancer can be advertise on REs or CEs, but not both in the same time. The workaround is to create 2 LBs: Internet and Partner + Internal. But the SecOps experience is really bad: a WAF exclusion rule created on one LB must be copied to the another LB, 2 dashboards, less efficient API discovery results...
Could we advertised a LB on a custom list including: - Internet (Specified VIP) - Customer Site - Customer Virtual Site