Forum Discussion

saddiq_bilal
Jun 27, 2025
Solved

Same load balancer for all traffic

Hello all, We are designing an architecture for our customer and configuring a single physical F5 for external (public IP), DMZ VIPs and internal VIPs. I need your help to understand the risk as...

  • Aswin_mk
    Jun 27, 2025

    Hi,

     

    As per the suggested design, you will have one physical load balancer for internal, DMZ and external VIPs. I have feedback on the security side. A single load balancer for all applications leads to security risks (increased attack surface) and a single point of failure for all zones. My feedback on this:

    • Implement route domains (to isolate network traffic) and partitions based on zones to logically separate routing between the zones (logically separate the load balancer into 3).

    • Lock down Self IPs using port lockdown (never expose Self IPs directly to the internet/internal; this restricts management plane access).

    • You have to use the security modules:

      • Use AFM (Advanced Firewall Manager) for zone-specific firewall rules. Enable DoS protection.

      • Use ASM/WAF for protecting web applications, especially in DMZ/external services.

    BR
    Aswin