Forum Discussion

Preetham_73405's avatar
Preetham_73405
Icon for Nimbostratus rankNimbostratus
Dec 31, 2010

F5 behind a router instead of a firewall, are there any risks??

Most practices refer to installing a F5 LTM with ASM behind a firewall               Internet --> Router --> FireWall --> LTM with ASM --> Web Servers       ...
security
Hamish's avatar
Hamish
Icon for Cirrocumulus rankCirrocumulus
Nov 11, 2015

Yep. True. Very True.

 

It has been over 4 years since I wrote the comments above. And the product has come a long way. To the point where IF you're using additional functionality such as AFM etc then there is a good argument for not having a separate firewall.

 

I don't follow your argument about it being a follow on from there being more HTTPS. There's no additional requirement for the NG firewall to do the SSL offload. They didn't for TLS previously. Having more TLS doesn't make that any different. But could lend an argument that having a separate firewall is LESS required because it's doing nothing more than providing simple port based filtering...

 

Old info on the internet is not a situation unique to BigIP though. I often search and find most comments amor the early 2000's... Heck, some of it I wrote... It's like a comment I saw from Jason the other day... Sometimes I find something I wrote a long time ago and think HTF did I work that out...

 

H