GTM and LTM design

Question

Should there be a firewall added to my design before a request hits my webservers? &nbsp;

dickeypjeep_116 · Answer

LTM is a firewall, so by adding a firewall you don't gain anything; you just add complexity. &nbsp;

jose_loera_1179 · Answer

Is LTM a full blown firewall just like Microsoft TMG?

dickeypjeep_116 · Answer

Yes, that and more. LTM + APM can completely replace TMG including authentication offload, etc. 
 
With AFM, you can manage the BIG-IP platform as a layer 3/4 firewall, and ASM will provide full layer 7 protection.

LTM is default deny, so it provides layer 3/4 fire-walling, plus it handles SSL so it firewalls at layer 5 as well.

The BIG-IP is definitely a security device :)

iheartf5_45022 · Answer

To continue with dickeypjeep answer, LTM is ICSA-certified firewall by itself (without AFM), however AFM makes management easier and also moves some of the firewall function into TMM core rather than being executed in software using iRules.

techgeeeg · Answer

Hi Jose,&nbsp;
If you only have GTM+LTM then yes you will need a firewall coz this GTM+LTM combo can't offer you IDS+IPS functionality also this combo may also not offer you other layers of firewalling... if you have APM &amp; ASM added as well then no need for firewall.&nbsp;
Regards,&nbsp;

Forum Discussion

GTM and LTM design

Recent Discussions

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

Switch ssl profile based on weak cipher detection via IRULE

full-proxy HTTP2

Decode ObjectSID from Base64-encode string

Related Content

GTM Design | LTM+ ASM+GTM on same VM

Verified Design: SSL Orchestrator with Palo Alto NGFW Virtual Edition-Part 1

Verified Design: SSL Orchestrator with McAfee Web Gateway-Part 1

GitLab Vulnerability, Secure by Design Pledge, & Near Miss Supply Chain Attack

Mitigating OWASP Web Application Risk: Insecure Design using F5 XC platform

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS