Forum Discussion
player_72606
Mar 04, 2012 Nimbostratus
bigip as FW
Hi all,
I would like to use the bigip as a FW between the networks; it is the L3 for them.
For example, one network is web server and the other is SQL servers. I would like to permit
14...
hooleylist
Mar 04, 2012 Cirrostratus
As Hamish said, LTM is an ICSA certified firewall in 11.x:
http://www.f5.com/pdf/solution-profiles/big-ip-ltm-firewall-security-sp.pdf
I'd actually suggest using virtual servers to limit access through LTM. With a virtual server, you can enable it on specific ingress VLAN(s). If you need to do more specific source-based ACLs, you can use iRules on the virtual servers. Virtual servers and optionally iRules should perform much more efficiently than using packet filters, as the latter are applied to all connections, whereas a VS is by definition just one listener (IP:port combination). The packaging for this is going to get more refined as the ADC firewall matures.
Aaron
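The source-based ACL suggested in the reply above, sketched as an iRule; this is an added example, not code from the thread or from F5. It assumes an address-type data group named `web_servers_dg` (hypothetical name) that lists the permitted web server sources, and that the rule is attached to a virtual server listening on the SQL address and port and enabled only on the web servers' VLAN.

```tcl
# Added example. "web_servers_dg" is an assumed address-type data group
# holding the source addresses/subnets allowed to reach this listener.
when CLIENT_ACCEPTED {
    # Evaluated once per new connection, and only for connections that
    # matched this virtual server (IP:port on the enabled VLANs).
    if { not [class match [IP::client_addr] equals web_servers_dg] } {
        # Record the denied flow so rejected sources are visible in /var/log/ltm.
        log local0.notice "ACL deny: [IP::client_addr]:[TCP::client_port] -> [IP::local_addr]:[TCP::local_port]"
        # reject answers with a TCP reset; use drop instead to discard silently.
        reject
        return
    }
    # Permitted sources fall through to the virtual server's normal processing.
}
```

Traffic arriving on any VLAN where the virtual server is not enabled never reaches this rule, so the VLAN setting and the data group together define who can open a connection.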