For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

eatstmanpdx_205's avatar
eatstmanpdx_205
Icon for Nimbostratus rankNimbostratus
Sep 09, 2015

Logical separation of internal and external environments

I'm working with the technical guys at a client and a question from one of the engineers comes up. Something like "Since we didn't buy the 5250V, how're we going to be able to isolate the internal and external environments?"

 

How would you respond to this question?

 

Partitions would seemingly help. Does anyone have experiences with this approach (good or bad) to share?

 

Thanks!

 

Evan

 

application delivery
cloud
design
LTM
security
vmware

4 Replies

  • eatstmanpdx_205's avatar
    eatstmanpdx_205
    Icon for Nimbostratus rankNimbostratus
    Sep 10, 2015

    The real question I should have been asking is: "Do route domains make administrative partitions more secure in some way?" The answer seems to be no so we'll be moving forward with administrative partitions without the added complexity of route domains.

     

  • arpydays's avatar
    arpydays
    Icon for Nimbostratus rankNimbostratus
    Sep 10, 2015

    Partitions won't provide any isolation of traffic between the environments, depending on your configuration RDs can be used for that.

     

    cheers

     

  • giltjr's avatar
    giltjr
    Icon for Nimbostratus rankNimbostratus
    Sep 10, 2015

    Are you talking about the configuration on the F5 or network traffic? If you are talking about configuration of the F5; virtual servers, pools, monitors, iRules, ect., then partitions will provide a security separations.

     

    If you are talking about network traffic flows. Then using separate physical interfaces along with route domains will keep the traffic separated.