For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

EvilRootSa_2832's avatar
EvilRootSa_2832
Icon for Nimbostratus rankNimbostratus
Oct 15, 2009

BIGip_9.4.*_Firewall feature?

Ive been told that BIGip can act as a firewall. Is this possible. My company has been told that BIGIP can act as a firewall and Im cusious to know if that is fact or not. If it is possible with LTM ...
management
monitoring
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Oct 16, 2009
You can use packet filters to restrict access based on source and destination hosts/subnets and/or ports through LTM. ASM is a layer 7 firewall which can validate application traffic for HTTP(S), FTP and SMTP.

 

 

As for routing, assuming you have self IP addresses defined on the VLAN that the pool members are on, I think LTM uses that VLAN to ARP for the pool member by IP address to send traffic to. Routing isn't used in that case. If you don't have a self IP on the same subnet as the pool members, then the routing table would be used.

 

 

To send responses back to the original client, LTM uses a feature called auto lasthop to record the source MAC address and interface to send the response back to. Again, the routing table is not used for this.

 

 

Aaron