Network Architecture for AFM

Question

Hi, &nbsp;
We have a pair of Big IP F5 ADC (LTM + AFM), and would like to know where i should place the device in the network. &nbsp;
The idea is to use the LTM feature to load balance application servers and AFM module as data center firewall to allow access only from dedicated user subnet to the application servers and at the same time restrict access from the same user subnet to the DB servers under the server farm switch. I am attaching network layout and would appreciate if anyone can help me with the placement of the Big IP F5 device in the network.&nbsp;
Regards, &nbsp;
Abbas Mirza  &nbsp;
&nbsp;

brad_parker · Answer

I can't tell if your picture is L2 or L3 or both. Which switch stack you plug into is up to you but I would suggest making your BigIP the default gateway for the networks you plan on putting behind it. Your BigIP can participate in a VPC trunk so you can cable it with switch redundancy as well.

Forum Discussion

Network Architecture for AFM

1 Reply

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

Multi-Cluster, Multi-Cloud Networking for K8S with F5 Distributed Cloud – Architecture Pattern

Mastering API Architectures Ebook from NGINX

Kubernetes architecture options with F5 Distributed Cloud Services

F5 BIG-IP deployment with OpenShift - multi-cluster architectures

F5 NGINXaaS for Azure: Multi-Region Architecture