cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

F5 DNS listener protection from DDOS and other attacks

Harutyun
Nimbostratus
Nimbostratus

We have F5 Big-IP VE with license GTM(DNS). I have configured gslb.example.com zone in ZoneRunner and delegate it in our external (ISP) DNS servers in order to our clients get information for zone gslb.example.com from our F5 big-IP VE. Notify, that there is a PaloAlto 3020 in front of F5 Big-IP VE.

How can I protect my DNS Listeners from DDOS and other attacks?

4 REPLIES 4

Samir
Nacreous
Nacreous

Modern security device has the capabilities to protect ​network from attack such as DOS, DDOS, Syn flood etc. As you said palo alto is front then F5 DNS. So these devices has DDOS protection machanism. If possible add one more layer between palo alto n F5 DNS.

Thanks​

Harutyun
Nimbostratus
Nimbostratus

Hi  . Thank you for your respond. What do you mean one more layer between PA and F5 DNS? Is there necessary to implement F5 AWAF with DNS?

AWAF will not help here.you can add additional L3 layer(i.e firewall,etc)

We also have Cisco router(Nat, VPN, Acces Lists) in front of PA.