Forum Discussion
NimbostratusRecommended Approach for EP on the Web [AX 2012]
Hi all,
I got this question from our AX team, any sugestion for a setup? We use only LTM and 11.2.1 and will upgrade to 11.3.0 For me it's look like they can skip the AD server in DMZ, move the EP web server to the LAN and open in the F5, 80 and 443.
Microsoft's recommended approach is that we should install Enterprise Portal in a DMZ and I believe there were also some requirements around AD servers, see diagram at http://technet.microsoft.com/en-us/library/dd361998.aspx
Do we have this facility or the ability to achieve same security with F5?
Regards Jan Rockstedt
2 Replies
What_Lies_Bene1Cirrostratus
Is this public/Internet facing?
- What_Lies_Bene1
Hey Jan,
It depends really. I can't see most enterprise security people agreeing to move the whole thing to the LAN but personally I'd have no problem with that assuming your confident your F5 is secure and whatever firewall you have at your Internet border is up to the job too.
Can I assume the DMZ and two tier firewall architecture isn't possible in your environment?
F5 device security wise, there's lots of things to think about, Port Lockdown, ICMP etc. rate limiting, disabling root access, ARP settings, audit logging, SSH/HTTPS mgmt idle timeouts, packet filters and a few others.
