Configure the Bot Defense Infrastructure

Published November 16, 2025 | Last modified May 19, 2026

Important: Bot Defense Self-Service Policy Management is an Early Access feature.

Use the F5 Distributed Cloud Console to add and configure your Bot Defense infrastructures in the F5 Hosted Cloud. Bot Defense infrastructures are the virtual machines that host the Bot Defense components that process and evaluate your traffic to determine what traffic is human and what is automated (bots).

Important: If you use Bot Defense in API mode, you cannot use self-service to create your Bot Defense infrastructure. You must contact F5 Support or your Sales team to create your infrastructure.

A typical Bot Defense deployment consists of multiple Test and Production infrastructures. You can add as many Production and Test infrastructures as your subscription limit allows.

To add a new Bot Defense infrastructure, you must provide information about the type of traffic you want to process with the infrastructure, whether the infrastructure is for production or for testing, the geographic region where you want the infrastructure located, and the IP addresses from which you want to allow traffic to access the new infrastructure.

Before you begin:

  • You must purchase Bot Defense. You must have an active F5 Distributed Cloud account. If you do not have an account, see Getting Started with Distributed Cloud Console.
  • You must have either the f5xc-bot-defense-admin or ves-io-admin-role role.
  • You can enable Bot Defense on any namespace on your portal, and therefore you must make sure you select the correct namespace. For example, if you plan to integrate Bot Defense with an HTTP load balancer in Distributed Cloud, make sure you deploy Bot Defense in the same namespace as the load balancer. Once you deploy Bot Defense, you cannot move it to a new namespace.

To add a new Bot Defense infrastructure:

  1. In the F5 Distributed Cloud Console, go to Bot Defense.

  2. From the Bot Defense navigation panel, select Manage > Bot Infrastructure.

  3. Select Add Bot Infrastructure.

    Figure: Add a Bot Defense Infrastructure

    Figure: Add a Bot Defense Infrastructure

  4. Enter a unique Name for the new Bot Defense infrastructure.

  5. From the Traffic Type drop-down menu, select the type of traffic that you want to route to and process with this infrastructure. Choose one of the following options:

    • Web: When selected, only web traffic, including browser-based traffic from mobile devices, is routed through this Bot Defense infrastructure.
    • Mobile: When selected, only mobile traffic from native mobile apps with the Bot Defense SDK are routed through this Bot Defense infrastructure.
    Figure: Select the Traffic Type

    Figure: Select the Traffic Type

  6. From the Infra Type drop-down menu, make sure the F5 Cloud Hosted option is selected.

  7. From the Environment Type drop-down menu, select one of the following options:

    • Production: Select this if you are adding the infrastructure that you plan to use to protect your live production applications and services from automated attacks. A Production infrastructure has two infrastructure regions in an Active-Active configuration in which traffic is routed equally between the two regions.

      Select regions from the Ingress Region 1 and Ingress Region 2 drop-down menus. F5 recommends that you select regions that are geographically close to your traffic and that you select a different region for each infrastructure.

    • Test: Select this if you are adding an infrastructure that you plan to use to evaluate new features, settings, and system performance. A Test infrastructure has a single infrastructure region that processes all traffic.

      Select a region from the Ingress Region 1 drop-down menu. F5 recommends that you select a region that is geographically close to your traffic.

      Figure: Select the Environment Type

      Figure: Select the Environment Type

  8. Add entries to the Ingress IP Access Control List. Only traffic from these IP addresses is allowed to access this Bot Defense infrastructure. To add IP addresses, select Add Item, and enter an IP address in CIDR notation.

    Figure: Configure the Ingress Access Control List

    Figure: Configure the Ingress Access Control List

    Note: After you add your new Bot Defense infrastructure, you can optionally add allowed host names to your access control list. For information, see Add Allowed Host Names to a Bot Defense Infrastructure Access Control List.

  9. When you finish, select Add Bot Infrastructure.

After you save your new infrastructure, it takes a few minutes for Bot Defense to finish creating the infrastructure and default Bot Defense policies. Select Refresh on the Bot Infrastructure page to see the latest list of Bot Defense infrastructures.

Next Steps:

After you configure your Bot Defense infrastructure, you must review and configure Bot Defense policies. Default versions of the following policies are automatically created when you add the Bot Defense infrastructure:

  • Endpoint Policy
  • Allowlist Policy
  • Network Policy

For information about configuring Bot Defense Policies, see Get Started with Bot Defense - Configure Your Bot Policies.