BIG-IP LTM - do i need to purchase AFM to make the LTM VE into a decent corporate firewall?

Hi Guys

Thanks for the responses. My skills are mainly in Networking, especially Cisco (Recently completed CCNP) and Juniper, but also in Microsoft and VMware. I have administered Juniper and Cisco firewalls for the last 5 years or so.

I have little to no experience with F5, tmsh, Tcl or Linux, so it will certainly be a challenge, but it is one I am looking forward to. Having seen what F5 is about and some of the things it can do, I am very excited about working with it and definately want to incorporate it into the solution.

Unfortunately, I dont think we can include the AFM due to budget constraints, so I'll have to learn how to administer iRules pretty quickly.

IheartF5, that link is fantastic and is pretty much exactly what I am looking for traffic coming into the Enterprise from the Internet.

If you dont mind I have a couple of additional questions surrounding traffic in the other directions - From inside of the Enterprise out to the Web.

• Does the LTM have any ALG-like functionality for protocols like SIP and FTP?
• Say I wanted to allow a certain group of internal computers access outbound to any server over HTTP, HTTPs and FTP, with a dynamic source NAT of the F5s outside interface IP address, is that sort of thing easy to set up and configure?

Many Thanks for all of the replies and tips so far.