Deploying F5 to Replace Microsoft TMG

Question

Hi Team,&nbsp;
I am replacing  Microsoft Threat Management Gateway (TMG) with BIG IP F5 (LTM + ASM).
With existing setup we have TMG as (ACE LB front end + TMG + ACE LB Back end) with different Vlans assigned like&nbsp;
Vlan X (Ace LB FE)-Vlan Y-(TMG)-Vlan Z-(Ace LB BE)-Vlan A. These all devices will be replaced with Single F5 (LTM+ASM)box.&nbsp;
So I just wanted to know that shall i go with Vlan X and Vlan A (Vlan Y, Z will not be in use) and their associated IP subnets.&nbsp;
Thanks
Ganesh&nbsp;

simon_blakely · Answer

So I just wanted to know that shall i go with Vlan X and Vlan A (Vlan Y, Z will not be in use) and their associated IP subnets.&nbsp;

That makes sense to me - it is certainly the easiest and fastest migration option.&nbsp;

romani_2788 · Answer

Yes indeed, you only need to go with 2 vlans with Big-IP ASM:&nbsp;

The client side vlan, where the virtual server receives traffic from the client; and&nbsp;

The server side vlan where the backend server resides.&nbsp;

So you should be good to get rid of the other two vlans (vlans Y and Z).&nbsp;
Hope this helps.&nbsp;

Forum Discussion

Deploying F5 to Replace Microsoft TMG

2 Replies

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

F5 Academies Are Back – And We’re Coming to a City Near You

Recent Discussions

Front azure traffic from F5 LTM onpremises

Failed to set RDP launch token timeout

AWAF - Do not log Geolocation violations from the Event Log

Creating Client SSL Profile using Certs from a new CA

Load Balancing IIS Servers

Related Content

Deploying F5 BIG-IP in Microsoft Azure for Developers

Deploying F5 Distributed Cloud WAF on Kubernetes

Microsoft Powershell with iControl

Deploying F5’s Web Application Firewall in Microsoft Azure Security Center

Deploy BIG-IP VE in Microsoft Azure Using an ARM Template

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS