F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

player_72606's avatar
player_72606
Icon for Nimbostratus rankNimbostratus
Mar 03, 2012

bigip as FW

Hi all,     i would like to use the bigip as FW between the networks it is the L3 for them   for example one network is web server and the other is sql servers, i would like to permit   14...
config
design
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Mar 04, 2012
As Hamish said, LTM is an ICSA certified firewall in 11.x:

 

 

http://www.f5.com/pdf/solution-profiles/big-ip-ltm-firewall-security-sp.pdf

 

 

I'd actually suggest using virtual servers to limit access through LTM. With a virtual server, you can enable it on specific ingress VLAN(s). If you need to do more specific source based ACLs, you can use iRules on the virtual servers. Virtual servers and optionally iRules should perform much more efficiently than using packet filters as the latter are applied to all connections whereas a VS is by definition just one listener (IP:port combination). The packaging for this is going to get more refined as the ADC firewall matures.

 

 

Aaron