Forum Discussion

Preetham_73405's avatar
Preetham_73405
Icon for Nimbostratus rankNimbostratus
Dec 31, 2010

F5 behind a router instead of a firewall, are there any risks??

Most practices refer to installing a F5 LTM with ASM behind a firewall               Internet --> Router --> FireWall --> LTM with ASM --> Web Servers       ...
security
svs's avatar
svs
Icon for Cirrostratus rankCirrostratus
Nov 11, 2015

Great to hear that and great to see someone reacts on this article after so much time has passed. ;-)

 

What I meant was, that there are much people terminating SSL/TLS connections on their NG firewalls for using features like IDS/IDP. I have much customers who are trying to intercept those connections inbound for "security" purposes. But using such features means to go without the SSL/TLS advantages of the BIG-IP.

 

However, I'm pretty sure that even without AFM it's a pretty good idea to put the BIG-IP beside the firewall, because it's a default-deny device (w/o AFM) and in combination with ASM it does a better job for HTTP than every firewall I know. Of course there are much more technical reasons to do this than just this two surficial.

 

Greets, svs