For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

wilko_113503's avatar
wilko_113503
Jun 06, 2011

Moving ASM to Standalone Configuration

Can anyone please assist me on this.     We have an exisitng HA Pair of 3600's running LTM and ASM on Version 9.4.8, we want to split the functionaility and run ASM on an additional HA pair of 6...
app sec
BIG-IP Access Policy Manager (APM)
security
Mike_Maher's avatar
Mike_Maher
Icon for Nimbostratus rankNimbostratus
Jun 06, 2011
Similar but actually our external and internal LTMs are physically seperate devices. The externals live in a DMZ behind our firewall and the internals, obviously live behind a firewall on our internal network.

 

 

Yes our ASMs are both Active behind the external LTM.

 

 

I guess it would depend how you feel about the security of VLANing if you wanted to use the design concept in this document. Personally I prefer the physical separation of the 2 LTMs. From a security perspective having the external LTM out in a DMZ allows us to only allow the ASMs access to the internal LTM. I would rather have the external traffic stop in the DMZ and be proxied by the ASM, that way the external requests are never directly going to a device on our internal network.