Forum Discussion
DFeike_160744
Jul 06, 2015 Nimbostratus
Hello Zubair,
I can also back up the statement that destination NAT on a firewall is NO security feature in any way. If you are, however, planning to use the GTM in the future and use autodiscovery of the LTM's Virtual Servers, then you should consider using public IPs for the VS. Just as a hint, remember to enable VS only on the VLANs you want them to actually listen on for traffic. If you don't limit it, then the VS would be accessible on all VLANs by default.
Also it is true that the BIG-IP itself is a deny-all device and will reject all traffic that doesn't match listener objects such as a Virtual Server or a SNAT (Pool).
Best regards, David
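As an added example that is not part of the post above: one way to check the VLAN hint is to scan a saved `bigip.conf` for `ltm virtual` stanzas that are not restricted with `vlans-enabled`. The function name `audit_virtual_vlans` is hypothetical, and the sample configuration (names, addresses) is constructed for illustration.

```python
import re

# Constructed sample in bigip.conf style (names and addresses are made up).
SAMPLE_CONF = """\
ltm virtual /Common/vs_public_web {
    destination /Common/203.0.113.10:443
    ip-protocol tcp
    pool /Common/pool_web
    profiles {
        /Common/tcp { }
    }
    vlans {
        /Common/external
    }
    vlans-enabled
}
ltm virtual /Common/vs_internal_api {
    destination /Common/10.1.20.15:8443
    ip-protocol tcp
    pool /Common/pool_api
}
"""

def audit_virtual_vlans(conf_text):
    """Map each virtual server to its enabled VLAN list, or None if it is
    not restricted to an explicit list (no vlans-enabled, or vlans-disabled)."""
    results, name, depth, in_vlans, vlans, enabled = {}, None, 0, False, [], False
    for raw in conf_text.splitlines():
        line = raw.strip()
        start = re.match(r"ltm virtual (\S+) \{$", line)
        if depth == 0 and start:                      # new top-level stanza
            name, vlans, enabled = start.group(1), [], False
        elif name and depth == 1 and line == "vlans {":
            in_vlans = True
        elif name and depth == 1 and line == "vlans-enabled":
            enabled = True
        elif in_vlans and depth == 2 and line != "}":
            vlans.append(line)                        # one VLAN path per line
        depth += line.count("{") - line.count("}")    # track brace nesting
        if in_vlans and depth == 1:
            in_vlans = False                          # left the vlans block
        if name and depth == 0:                       # stanza closed
            results[name] = sorted(vlans) if enabled and vlans else None
            name = None
    return results
```

Any virtual server mapped to `None` should be reviewed by hand before it is treated as exposed or safe.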