Forum Discussion
EvilRootSa_2832
Nimbostratus
Oct 15, 2009
BIGip_9.4.*_Firewall feature?
I've been told that BIGip can act as a firewall. Is this possible? My company has been told that BIGIP can act as a firewall and I'm curious to know if that is fact or not. If it is possible with LTM setup, how do you process your external to your internal port ACL?
EVR
3 Replies
- EvilRootSa_2832
Nimbostratus
In addition, when it comes to routing, if there is a Default Gateway (0.0.0.0 0.0.0.0 192.168.x.x) in the Route section of the BIGIP, won't all VS go to the Gateway shown in the route statement?
- The_Bhattman
Nimbostratus
I think you are referring to the BIGIP ASM (Application Security Manager). This is more or less an Application Layer firewall vs the traditional firewalls.
CB
- hoolio
Cirrostratus
You can use packet filters to restrict access based on source and destination hosts/subnets and/or ports through LTM. ASM is a layer 7 firewall which can validate application traffic for HTTP(S), FTP and SMTP.
As for routing, assuming you have self IP addresses defined on the VLAN that the pool members are on, I think LTM uses that VLAN to ARP for the pool member by IP address to send traffic to. Routing isn't used in that case. If you don't have a self IP on the same subnet as the pool members, then the routing table would be used.
To send responses back to the original client, LTM uses a feature called auto lasthop to record the source MAC address and interface to send the response back to. Again, the routing table is not used for this.
Aaron
