F5 DNS listener protection from DDOS and other attacks

Question

We have F5 Big-IP VE with license GTM(DNS). I have configured gslb.example.com zone in ZoneRunner and delegate it in our external (ISP) DNS servers in order to our clients get information for zone gslb.example.com from our F5 big-IP VE. Notify, that there is a PaloAlto 3020 in front of F5 Big-IP VE.

How can I protect my DNS Listeners from DDOS and other attacks?

samir · Answer

Modern security device has the capabilities to protect network from attack such as DOS, DDOS, Syn flood etc. As you said palo alto is front then F5 DNS. So these devices has DDOS protection machanism. If possible add one more layer between palo alto n F5 DNS.

Thanks

harutyun · Answer

Hi &nbsp;. Thank you for your respond. What do you mean one more layer between PA and F5 DNS? Is there necessary to implement F5 AWAF with DNS?

samir · Answer

AWAF will not help here.you can add additional L3 layer(i.e firewall,etc)

harutyun · Answer

We also have Cisco router(Nat, VPN, Acces Lists) in front of PA.

Forum Discussion

F5 DNS listener protection from DDOS and other attacks

Recent Discussions

Service discovery is not happening in AS3

How to implement LTM forward proxy client to determine the diversion pool based on the domain name

FTP PASV mode to Extended Passive mode

Oracle JDBC SSL Termination failing on F5

APM for banner and cert

Related Content

F5 Distributed Cloud - Listener Logic

Exploit PowerShell, Ransomware Attack Report, Active Cyber Defense, Attack to GPS

Protecting Critical Apps against EastWest Attack

L7 DoS Protection with NGINX App Protect DoS

Explore how F5 BIG-IP Advanced WAF protects against attacks on GraphQL API

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS