Forum Discussion
NimbostratusF5 2200s in the DMZ and LAN Security / PCI compliance question
Hello, I have a requirement for load balancing and WAF in my DMZ environment and also for load balancing only in my LAN environment. The environments must be secure and compliant with the PCIDSS. My question is, if I use the same F5 appliance for the load balancing/WAF in the DMZ, and the load balancing in the LAN, using different ports on the F5, how would I be able to prove to my PCI auditor that there is no possibility of the LAN traffic being visible or captured in some way in the DMZ should a compromise occur. Any thoughts on this please.
4 Replies
EmadCirrostratus
I think you should be creating RouteDomains. Route Domains will isolate your DMZ from LAN. one RouteDomain for DMZ and second for LAN.
- Emad
I think you should be creating RouteDomains. Route Domains will isolate your DMZ from LAN. one RouteDomain for DMZ and second for LAN.
GraemeZwart_185Hi Johny Walker, thank you, and is the creating of route domains a feature that is available on the 2200s model?
- Emad
