Forum Discussion

Nimbostratus

Jun 11, 2013

LTM External VLAN Design

How many people here have put the external VLAN for the F5 outside their Firewall? Currently we have deployed an LTM behind the FW and we handling external NAT'ing on the Firewall. I wan...

config

design

Kevin_Stewart

Employee

Aug 30, 2013

It's definitely done this way by many F5 customers. It's a default deny appliance - that should make the network guy happy, and it's ICSA-certified - which should make the IA guy happy. You've got packet filtering built into LTM (which is a large part of the certification), and then you have the new Advanced Firewall Manager (AFM) which is a full proxy, extremely high throughput, stateful firewall that runs on top of the ADC. I would probably agree with Bhattman in that there are absolutely situations where you'd want to separate firewall and load balancer, but then in many cases that's not true anymore.

Forum Discussion

LTM External VLAN Design

Recent Discussions

Find GSLB pool membership from vip IP

Server 2 causing application slowness

F5Access | MacOS Sonoma

AS3 Deployments (shared objects)

Inquiry on F5's Maintenance Mode Feature for Pool Members

Related Content

F5 BIG-IP in Cisco ACI Multi-Site and Multi-Pod - Design Options

Verified Design: SSL Orchestrator with Palo Alto NGFW Virtual Edition-Part 1

Mitigating OWASP Web Application Risk: Insecure Design using F5 XC platform

CSV to Address External Datagroup File

Decision box design using js