Forum Discussion

Nimbostratus

Mar 31, 2011

LTM DMZ Design Question

Greetings, We have been running a pair of LTMs in production for several years in what I would consider "one-armed" mode in that the traffic flows as follows: Internet<-->Firewall...

config

design

Hamish

Cirrocumulus

Mar 31, 2011

My 2p... I don't bother load balancing protocols that load-balance themselves. e.g. SMTP. HTTP always. ftp sometimes...

One architecture I've had good experiences with (One that a colleague came up with. Hi Clarkie!) is to put the F5 between the firewall ad the DMZ's. You can use the F5 to route traffic vioa the firewall still where it has to traverse from one DMZ to another. And everything can be load-balanced without having to worry about firewalling (Because the firewall does it still), or SNAT.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

LTM DMZ Design Question

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

How can I get started with iCall

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Related Content

DNS/iQuery Question - Design Consideration

F5 Distributed Cloud (XC) Custom Routes: Capabilities, Limitations, and Key Design Considerations

F5 BIG-IP in Cisco ACI Multi-Site and Multi-Pod - Design Options

Mitigating OWASP Web Application Insecure Design using F5 BIG-IP Advanced WAF

The State Of HTTP/2 With F5 LTM

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS