Forum Discussion

bsm1970's avatar
bsm1970
Icon for Nimbostratus rankNimbostratus
Mar 02, 2016

Attack signatures, security policies and NAT vs Virtual Servers

I'm new to the BIG IP system so forgive me if this seems rather simple.   We have a few public facing web servers we are bringing in to our DMZ (they are hosted elsewhere now). The traffic load...
ASM Advanced WAF
attack signatures
LTM
security
bsm1970's avatar
bsm1970
Icon for Nimbostratus rankNimbostratus

bump for any other responses?

 

bsm1970's avatar
bsm1970
Icon for Nimbostratus rankNimbostratus
Mar 07, 2016
Let me see if I understand what you're saying. The public IP of the web server the external user wants to reach should be routed to the VS on the F5 by the perimeter firewall. I would probably set up a different VS for each website so we would do the same thing for all of the other sites we stand up. I think initially I won't have any ASM policy running. I just want to get traffic flowing initially then work toward adding ASM policy. So for that, where would SNAT come into play? Is that just to make sure the traffic is routed back through the F5? And would SNAT be necessary if the web server nodes have the F5 as their default gateway?