Forum Discussion
F5 AFM behind the internet router
Hi, I want to deploy F5 between the internet and the firewall with ASM and AFM. Could you please tell me the important points and configuration?
Router --> F5 --> Firewall --> servers
4 Replies
- Faruk_AYDIN
Altostratus
If you plan to use AFM, you don't use an extra firewall. If you do, troubleshooting can sometimes be difficult, because you have to check two firewall logs and tcpdump on two different devices.
- TayF5un
Nimbostratus
AFM controls only inbound traffic; I want to control both incoming and outgoing traffic. Moreover, AFM cannot function as a next-generation firewall.
- Faruk_AYDIN
Altostratus
Are there any users? If yes, NG FW can be ideal for them. I think AFM and NGFW should be used in parallel, not in serial. There may be a connection between NGFW and AFM to route user traffic to the servers or just do it by routing.
- jgranieri
Nimbostratus
@TayF5un
AFM controls inbound/outbound. You set the direction of the traffic flow based on source VLAN and destination IPs/VLAN.
I would recommend using the AFM firewall as long as it can do all the NATs you require. I have found some difficulty in using AFM to duplicate advanced NATs that my other firewall vendor can do more easily.
Consider using TPS anomaly DoS protection for any websites that are potential targets. Make sure you tune the AFM DoS vectors.
HSL (High Speed Logging) is a recommendation, since logging with ASM/AFM can get quite cumbersome on the standard MGT interface.