Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

F5 DNS listener protection from DDOS and other attacks

Harutyun
Nimbostratus
Nimbostratus

‎28-Mar-2020 03:50

We have F5 Big-IP VE with license GTM(DNS). I have configured gslb.example.com zone in ZoneRunner and delegate it in our external (ISP) DNS servers in order to our clients get information for zone gslb.example.com from our F5 big-IP VE. Notify, that there is a PaloAlto 3020 in front of F5 Big-IP VE.

How can I protect my DNS Listeners from DDOS and other attacks?

Labels:
0 Kudos
4 REPLIES 4

Samir
MVP
MVP

‎11-Apr-2020 18:54

Modern security device has the capabilities to protect ​network from attack such as DOS, DDOS, Syn flood etc. As you said palo alto is front then F5 DNS. So these devices has DDOS protection machanism. If possible add one more layer between palo alto n F5 DNS.

Thanks​

0 Kudos

Harutyun
Nimbostratus
Nimbostratus

‎12-Apr-2020 22:59 - last edited on ‎24-Mar-2022 01:23 by Fog

Hi  . Thank you for your respond. What do you mean one more layer between PA and F5 DNS? Is there necessary to implement F5 AWAF with DNS?

0 Kudos

Samir
MVP
MVP
In response to Harutyun

‎12-Apr-2020 23:19

AWAF will not help here.you can add additional L3 layer(i.e firewall,etc)

0 Kudos

Harutyun
Nimbostratus
Nimbostratus
In response to Samir

‎13-Apr-2020 00:04

We also have Cisco router(Nat, VPN, Acces Lists) in front of PA.

0 Kudos
Copyright © 2023 Khoros, LLC