Forum Discussion
Mike_Maher
Jun 06, 2011Nimbostratus
Similar but actually our external and internal LTMs are physically seperate devices. The externals live in a DMZ behind our firewall and the internals, obviously live behind a firewall on our internal network.
Yes our ASMs are both Active behind the external LTM.
I guess it would depend how you feel about the security of VLANing if you wanted to use the design concept in this document. Personally I prefer the physical separation of the 2 LTMs. From a security perspective having the external LTM out in a DMZ allows us to only allow the ASMs access to the internal LTM. I would rather have the external traffic stop in the DMZ and be proxied by the ASM, that way the external requests are never directly going to a device on our internal network.