Forum Discussion

Sushant's avatar
Sushant
Icon for Altostratus rankAltostratus
4 years ago
Solved

Placing F5 between application and database

What are the Pros and Cons of placing F5 between application and database ?
ASM Advanced WAF
database
security
TMOS
  • Daniel_Wolf's avatar
    Daniel_Wolf
    4 years ago

    The WAF would not do the policy enforcement on SQL level, but the database security product. The database security would signal the result to the WAF and then the WAF would either allow the request to pass or not.

Sushant's avatar
Sushant
Icon for Altostratus rankAltostratus
4 years ago

Trying to get big ip into the middle and use some of the negative as well as positive security models if possible ? How relevant is this Daniel in context of providing better security ?

Daniel_Wolf's avatar
Daniel_Wolf
Icon for MVP rankMVP
4 years ago

I assume you have BIG-IP AdvWAF already in front of the application, in order to prevent application layer attacks like injection attacks or well-known attack against the database management system (Attack Signatures and/or TC).

The BIG-IP WAF is a Web Application Firewall. Adding it between the app and the database will not add any value, because this is not http traffic but sql traffic. You cannot apply any security policies here.

If you have a requirement to implement a firewall that is capable to look into sql traffic and to protect databases (additional to the protection that BIG-IP offers on the application level) - there are other vendors who offer database security products.