Forum Discussion

Preetham_73405's avatar
Preetham_73405
Icon for Nimbostratus rankNimbostratus
Dec 31, 2010

F5 behind a router instead of a firewall, are there any risks??

Most practices refer to installing a F5 LTM with ASM behind a firewall               Internet --> Router --> FireWall --> LTM with ASM --> Web Servers       ...
security
Hamish's avatar
Hamish
Icon for Cirrocumulus rankCirrocumulus
Jan 01, 2011
IMNSHO... Keep the firewall.

 

 

The F5's are all about performance and acceleration. Not necessarily front-end security (Although you could get creative with packet filters etc). Whereas the firewalls are all about security first and foremost.

 

 

Keep the firewalls, and remember...

 

 

1. If performance is an issue, use dedicated firewalls for your important apps. FW software and which hardware you're using really make a big difference here...

 

2. The network (Including firewalls) isn't usually the bottleneck (Unless you're doing hi-freq trading in which case your response times will be measured in ns...).

 

3. Router ACL's are generally packet matching only. And seldom do deep packet inspection

 

4. Where routers do do DPI, they're generally not very quick about it (They're optimised for ROUTING, not firewalling).

 

5. If you log a lot on routers, they REALLY REALLY slow down A LOT. (Been there, done that. Got the scars).

 

 

 

H