Forum Discussion
kmurphy_130520
Nimbostratus
Jul 30, 2014
Downside of using a single DMZ VLAN instead of typical internal/external VLANs?
I'm designing an LTM implementation where web servers in a DMZ need to be load balanced. In the current design, the F5 has a single DMZ VLAN. This VLAN is the same subnet as the web servers. So for e...
mimlo_61970
Cumulonimbus
Jul 30, 2014
I can't think of any major problems, but my 2 cents would be:
- Like you said, 1 armed is half the throughput
- You will be using your address space faster since real and virtual servers are in the same subnet
- Helps with potential firewall mistakes. Say you retire a virtual server that has a firewall rule allowing port 443. You forget to remove the fw rule, and put a server on that same address, now you are allowing 443 direct to that server.
- In the case of Internet and public addressing, you can private address your internal DMZ and public address your external F5 DMZ.
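An added example, not part of the original thread: the firewall-mistake scenario in the reply above can be caught by auditing allow rules against the virtual servers that still exist. All addresses, host names and the `audit_rules` helper are constructed for illustration and assume the rule, virtual-server and server lists have already been exported from the respective devices.

```python
import ipaddress

# Constructed sample data (not from the thread): one shared DMZ subnet that
# holds both virtual servers and real web servers, as in the single-VLAN design.
DMZ = ipaddress.ip_network("192.0.2.0/24")

# Firewall allow rules as (destination IP, destination port).
FIREWALL_RULES = [
    ("192.0.2.10", 443),   # virtual server still in service
    ("192.0.2.11", 443),   # virtual server retired, address reused by a web server
    ("192.0.2.12", 443),   # virtual server retired, address currently unused
]

# Virtual servers currently configured on the load balancer.
VIRTUAL_SERVERS = {("192.0.2.10", 443)}

# Real servers currently addressed in the same subnet.
REAL_SERVERS = {"192.0.2.11": "web03", "192.0.2.50": "web01"}


def audit_rules(rules, virtual_servers, real_servers, subnet):
    """Return findings for allow rules that no longer point at a virtual server."""
    findings = []
    for dest, port in rules:
        if ipaddress.ip_address(dest) not in subnet:
            continue  # rule is outside the shared DMZ subnet
        if (dest, port) in virtual_servers:
            continue  # rule still fronts a live virtual server
        if dest in real_servers:
            # The case from the reply: the rule now reaches a server directly.
            findings.append((dest, port, "DIRECT_EXPOSURE", real_servers[dest]))
        else:
            # Nothing there yet, but the next host given this address inherits the rule.
            findings.append((dest, port, "STALE_RULE", None))
    return findings


if __name__ == "__main__":
    for dest, port, kind, host in audit_rules(FIREWALL_RULES, VIRTUAL_SERVERS, REAL_SERVERS, DMZ):
        print(f"{kind}: allow {dest}:{port}" + (f" now reaches {host}" if host else ""))
```

With separate external and internal subnets, a rule left behind for a retired virtual address cannot match a real server, because real servers never receive addresses from the external range.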