Forum Discussion
Jun 06, 2011
Moving ASM to Standalone Configuration
Can anyone please assist me on this.
We have an exisitng HA Pair of 3600's running LTM and ASM on Version 9.4.8, we want to split the functionaility and run ASM on an additional HA pair of 6400's on Version 10.
I have seen two methods, one in the deployment guides called
Deploying the BIG-IP LTM with Multiple BIG-IP Applications Security Managers.pdf
The second being: sol9372 - Configuring BIG-IP ASM in transparent bridge mode
Can anyone point me in the right direction here on which would be the recommended path to achieve this?
Thanks
- Mike_MaherNimbostratusI can tell you that we have something similar currently deployed. Our LTMs and ASMs are on seperate hardware. Basically we run LTMs and ASMs in our DMZ and then LTMs on the internal network in front of the servers. So the traffic for an external facing web application hit the LTM gets load balanced to an ASM and the ASM runs the traffic through policy, then sends the traffic to an internal LTM pool which load balances it to a server. This design has worked pretty well for us. Let me know if you have any specific questions
- Thanks so if you check page 3 on the deployment guide;
- Mike_MaherNimbostratusSimilar but actually our external and internal LTMs are physically seperate devices. The externals live in a DMZ behind our firewall and the internals, obviously live behind a firewall on our internal network.
- Thanks Mike
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects