Forum Discussion
JRahm
Aug 18, 2022Admin
Hi Olayinka-F5LB, I'm sure others will weigh in as well, but it ultimately comes down to security policy requirements on what isolation means from physical and logical separation. A vcmp-enabled system would allow you to achieve logical isolation within a share physical asset. Otherwise, you could achieve routing isolation within a non-vcmp system using route domains. It comes down to policy, and then design/ownership/roles of responsibility on changes so shared systems don't inadvertently compromise your zones. If the behaviors of your organization concern you on achieving that, I'd recommend keeping dmz/internal cleanly separated. Note this is my opinion, not an official F5 position on that.