Forum Discussion
Irfan_Gazi_3882
Nimbostratus
NimbostratusWeb Server in the Intranet
I am planning to have an ASM in the DMZ talking to the WEB server (f5 loadbalanced) in the Corporate server farm.
Would i have some issues (security, design etc) with this design.
I will make the traffic from the internet hit the First Firewall (Public IP) and then NAT it to go to ASM (Inspection). From there it will cross another firewall (NO NAT here) and reach a F5 loadbalancer where i have my webserver.
Thanks
Irfan_Gazi_3882Any thoughts here- Irfan_Gazi_3882Any thoughts here
hoolioCirrostratus
Hi irfangazi,
Can you explain your concern(s) with the architecture?
It's fairly common to have a firewall - ASM - firewall - www server - app server - database architecture. It sounds like you're considering something like: firewall - ASM - firewall - BIG-IP LB'er - www server - app server - database
Out of curiosity, do you have separate ASM and BIG-IP load balancing units? Is the BIG-IP a 6400 or higher? If so, you could run ASM on that.
Aaron- Irfan_Gazi_3882Yes I have a separate ASM and BIGIP loadbalancing. ASM is in DMZ and BIGIP LTM is in the intranet.
BIGIP is 3xxx series.
Yes i am considering
firewall - ASM - firewall - BIG-IP LB'er - www server - app server - database.
And in the Loadbalancer i have to do some kinda loopback for the application servers to talk to the databases and other redundant application servers.
Thanks 
matt_64003Cirrus
I found this thread in a search and am curious about what you decided on. We have similar needs, but allowing Internet traffic to hit anything on our intranet, even through the ASM, gives me the heebeegeebees.