LTM/AFM design when migrating from traditional FW platform

Question

Hi,&nbsp;
I'm new to F5 and I'm supposed to be migrating an existing FWSM/ACE configuration to F5 LTM/AFM.  I'm currently learning the ropes using a VE appliance and I'm wondering if someone can offer some guidance or tips on replicating a NAT/ACL environment on LTM with AFM.&nbsp;
Is it possible to create NATs and allow inbound traffic (from low security zone like the internet) without using virtual-servers?  Or does everything that needs inbound connectivity require a virtual-server?&nbsp;
Thanks&nbsp;

what_lies_bene1 · Answer

You can use NATs and SNATs for that purpose yes.&nbsp;
You could also create wildcard Virtual Servers and use rules against those.&nbsp;

what_lies_bene1 · Answer

Sorry for the delay, can you provide some examples of what you are trying to achieve please?&nbsp;
Right now I'm rather stuck!&nbsp;

branfarm_139474 · Answer

I actually started a new thread to address some of the specific NAT issues I'm facing: https://devcentral.f5.com/questions/snat-and-nat-on-difference-vlans&nbsp;

Forum Discussion

LTM/AFM design when migrating from traditional FW platform

3 Replies

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

ASM subsystem error

ISP link latency

Running version of Tenant during Deployement shows Unavailable

is it possible to upgrade Tenants without Pushing Tenant Image from F5OS

f5 asm reporting aggregate

Related Content

Modernizing F5 Platforms with Ansible

uCS platform-migrate

Automating F5 Application Delivery and Security Platform Deployments

Migrating to iSeries From Older Platforms: It's About Time

F5 Distributed Cloud Platform: Right Tools for the Right Jobs – Cloud Migration

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS