Forum Discussion
STTR_85331
Mar 31, 2011Nimbostratus
LTM DMZ Design Question
Greetings,
We have been running a pair of LTMs in production for several years in what I would consider "one-armed" mode in that the traffic flows as follows:
Internet<-->Firewall...
STTR_85331
Apr 02, 2011Nimbostratus
@Joel: In regards to having a public IP range outside your LTM and a private range behind it, I assume this means that on the internet facing firewall you are not doing address translation (NAT) but that you are effectively using the LTM for translations instead? If so is there a particular advantage to this vs. having your internet facing firewall do NAT and have private addresses in your DMZ both in front and behind the LTM? The latter is how we are currently configured, but I'd be interested to hear the pros/cons of doing it as you described.
-Simon.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects