Forum Discussion
STTR_85331
Nimbostratus
Mar 31, 2011
LTM DMZ Design Question
Greetings,
We have been running a pair of LTMs in production for several years in what I would consider "one-armed" mode in that the traffic flows as follows:
Internet<-->Firewall...
Hamish
Cirrocumulus
Apr 02, 2011
Regarding the public addressing on the LTM: there are two main differences. Latency (no NAT should mean very, very slightly less latency) - probably only discernible if you have a very heavily loaded firewall. And support. It's easier to trace things when you're trying to find a problem if there are fewer points of translation.
FWIW I always like as few NATs as possible.
Oh... Also, internal and external hosts know the service by the same IP, which means you don't get confusion when someone starts talking about IPs etc. (And if you don't think it's a problem, I'd be glad to provide endless stories of literally weeks wasted because you can't find people who know what IP a particular service appears as on a particular network, because of the multiple times it's NAT'ed as it crosses people's networks....)
H