Recommended Approach for EP on the Web [AX 2012]

Question

Hi all,&nbsp;
I got this question from our AX team, any sugestion for a setup?
We use only LTM and 11.2.1 and will upgrade to 11.3.0
For me it's look like they can skip the AD server in DMZ, move the EP web server to the LAN and open in the F5, 80 and 443.&nbsp;
Microsoft's recommended approach is that we should install Enterprise Portal in a DMZ and I believe there were also some requirements around AD servers, see diagram at http://technet.microsoft.com/en-us/library/dd361998.aspx&nbsp;
Do we have this facility or the ability to achieve same security with F5?&nbsp;
Regards Jan Rockstedt&nbsp;

what_lies_bene1 · Answer

Is this public/Internet facing?&nbsp;

what_lies_bene1 · Answer

Hey Jan,&nbsp;
It depends really. I can't see most enterprise security people agreeing to move the whole thing to the LAN but personally I'd have no problem with that assuming your confident your F5 is secure and whatever firewall you have at your Internet border is up to the job too. &nbsp;
Can I assume the DMZ and two tier firewall architecture isn't possible in your environment?&nbsp;
F5 device security wise, there's lots of things to think about, Port Lockdown, ICMP etc. rate limiting, disabling root access, ARP settings, audit logging, SSH/HTTPS mgmt idle timeouts, packet filters and a few others.&nbsp;

Forum Discussion

Recommended Approach for EP on the Web [AX 2012]

2 Replies

Recent Discussions

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

Related Content

Guarding Large Language Models: Advanced Approaches to Preventing Model Theft

Stacking iRules: A Modular Approach

F5 SLEDFest 2022 Sacramento Edition - Simple and Effective Approach to Defeating Bots & Fraud Preso

Recommended Persistence for F5 working as ISP-LB ( ISP Load Balancing )

The Top 10, Top Predictions for 2012