Forum Discussion
kmurphy_130520
Nimbostratus
Jul 30, 2014
Downside of using a single DMZ VLAN instead of typical internal/external VLANs?
I'm designing an LTM implementation where web servers in a DMZ need to be load balanced. In the current design, the F5 has a single DMZ VLAN. This VLAN is the same subnet as the web servers. So for e...
mimlo_61970
Cumulonimbus
Jul 30, 2014
I can't think of any major problems, but my 2 cents would be:
- Like you said, 1 armed is half the throughput
- You will be using your address space faster since real and virtual servers are in the same subnet
- Helps with potential firewall mistakes. Say you retire a virtual server that has a firewall rule allowing port 443. You forget to remove the fw rule, and put a server on that same address, now you are allowing 443 direct to that server.
- In the case of Internet and public addressing, you can private address your internal DMZ and public address your external F5 DMZ.