Forum Discussion
fahimfarookme
Nimbostratus
NimbostratusEnterprise Security best practices with F5 WAF
When it comes to responsibilities of each layer in an enterprise (i.e. DMZ/ WAF, application, SoR etc), and provided F5 Advanced WAF is deployed on the DMZ, should other layers assume primary respons...
zamroni777
MVP
MVPif all user access to the app goes through bot defense in dmz f5 awaf, then no need to put the filter again in server zone.
in my personal opinion, bigip/waf is application-layer oriented device, not network layer oriented device.
it behaves more like application servers, so it's more properly installed in the server zone.
and btw, bigip device supports vlan, vxlan, and vrf-like segmented routing via route domain features.
so actually 1 device can covers all zones if you set proper vlan/vxlan/vrf configurations.
some people might "persuade" buyers to buy separate devices for each zone though 🙂
fahimfarookmeNimbostratus
NimbostratusThanks for your response.
In our case F5 WAF is in the DMZ and the applications are in the private subnets behind DMZ.
