Forum Discussion
amiranti1982_54
Dec 06, 2011
Nimbostratus
I have a F5-LTM sandwiched between ASAs and a CheckPoint firewall... Need route help!
I am trying to set up a complicated system of firewalls stacked on one another inside of a DMZ.
I have configured a CheckPoint as my outside (outside to the DMZ) firewall facing the public...
The problem is, the ASA is in routed mode (layer 3) and not transparent mode (layer 2). Although all of the devices in the configured DMZ are on the same subnet, they require routes to move traffic from one device to another. Especially between the ASA and the F5.
The ASA has to be in routed mode in order to separate protected and unprotected networks. Our Core switch that sits behind the ASA is on a completely different VLAN and needs to be fenced off behind the DMZ.
The ASAs will be set up as a bank of ASAs that the F5-LTM load balances in a round-robin configuration.
Each of the ASAs is a 5520 and cannot be configured like the 5505s in a transparent mode and still accomplish the same goal. The ASAs are routers themselves. They are the last line of defence before inbound traffic reaches our internal devices. The ASAs are configured for SSL VPN connectivity. Thus we need "inside" interface routes and "outside" interface (VLAN 115) routes.
The F5 in this scenario will act like a router as well, taking inbound packets from the CheckPoint, load balancing the packets, sending them to one of the ASAs in a bank of ASAs and then to the Core switch. Outbound traffic is coming from the Core switch, through one of the ASAs and then to the F5 where it then routes the packets to the CheckPoint and then out to the public.