Forum Discussion

Steven_J__Willi
Aug 12, 2015

F5 LTM network placement

What are usually the best practices for LTM placement within the network? Internet edge? Behind the firewall at the edge? In between internal and external firewalls? Hanging off the edge firewall?

5 Replies

  • If you are strictly deploying LTM, you'd really want to put it behind your perimeter security devices. If you enable AFM, you will have a rich stateful firewall that can be placed on the Internet edge. If you are going to use load balancing on the F5, I personally like to have the F5 "present" on the server VLAN so that F5-to-pool-member communications are strictly layer 2. This helps to eliminate any MTU, tagging, etc. that could happen to load-balanced traffic before it actually gets to the back-end server, which greatly helps when troubleshooting.

  • Looks like we are looking at a one-arm deployment, which will hang off our DMZ switches that are connected to the ASA firewall. So in this case, is external VLAN not a concept with this design?

  • If you go with 1 arm in a DMZ then you do not necessarily need 2 VLANs, as pool member traffic will route back over the VLAN connected to your DMZ switch.

    Cheers

  • Right, so this is why I didn't use the setup wizard, because it always assumes inline and wants internal and external VLANs. Also, with one arm, SNAT is going to be needed, correct?
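
Added example, not part of the thread: a small Python model of the return path in the one-arm layout discussed above, with and without SNAT. All addresses are constructed, and it assumes the pool member's default gateway is the firewall rather than the BIG-IP.

```python
import ipaddress

# Constructed addressing for a one-arm DMZ layout (assumptions, not from the thread).
DMZ = ipaddress.ip_network("192.0.2.0/24")
VIP = ipaddress.ip_address("192.0.2.10")      # virtual server address
SELF_IP = ipaddress.ip_address("192.0.2.5")   # BIG-IP self IP on the DMZ VLAN
SERVER = ipaddress.ip_address("192.0.2.50")   # pool member


def reply_path(reply_dst):
    """Path the pool member's reply takes, based on its own routing table."""
    if reply_dst == SELF_IP:
        return "big-ip"       # on-link, addressed to the load balancer itself
    if reply_dst in DMZ:
        return "direct"       # on-link client, answered directly at layer 2
    return "firewall"         # off-link client, sent to the default gateway


def one_arm_flow(client, snat):
    """Trace one request/reply through a one-arm virtual server."""
    client = ipaddress.ip_address(client)
    # Request leg: client -> VIP; BIG-IP rewrites the destination to SERVER.
    # With SNAT it also rewrites the source to its own self IP.
    server_sees = SELF_IP if snat else client
    # Reply leg: the server answers the source address it saw.
    path = reply_path(server_sees)
    # Only BIG-IP can translate the reply source from SERVER back to VIP.
    reply_src = VIP if path == "big-ip" else SERVER
    return {
        "server_sees": str(server_sees),
        "reply_path": path,
        # The client opened a connection to VIP; a reply from SERVER matches
        # no connection on the client (or the stateful firewall) and is dropped.
        "client_accepts": reply_src == VIP,
    }


if __name__ == "__main__":
    for client in ("198.51.100.7", "192.0.2.77"):   # off-link and on-link clients
        for snat in (False, True):
            print(client, "snat=%s" % snat, one_arm_flow(client, snat))
```

The `server_sees` field also shows the logging side effect: with SNAT the pool member records the BIG-IP self IP instead of the client address, so the original client IP has to be carried another way (for HTTP, typically an `X-Forwarded-For` header inserted by the load balancer).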