Forum Discussion
Botnet Mitigation if traffic initiated from inside to outside
Hi Deepak,
With what modules ? If a Botnet appeared on your internal Network, that's slightly worrying and hopefully would be picked up by a security function within your business.
If your specifically concerned about a certain application subnet, how does it currently access the internet ? Does it need to access the internet? If its just for an application, can you restrict the IP's it gets to, websites etc etc. (You're bordering on WebProxy territory here)
Could you deploy ASM and look at the application traffic, learn what is "Normal" and log/drop things that aren't ?
From the information you've provided, its very difficult to answer the question. But hopefully the above will help direct you down the right path.
We're "solutionising" different products here.
You've stated you want to mitigate a botnet potentially accessing external resources (Internet)
In this instance your Bluecoat (in my opinion) is in a far better position to lock down access based on Source IP address. You can also do things on the Bluecoat SG like enabling Threat Detection amongst other features.
From the F5 perspective. You can apply an ASM policy to a VIP which is controlled/admistered to applications you want the service to access.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com