NimbostratusHello community!
We have a customer interested in both Hybrid Defender + ASM on premise.
What I'd like to know if, there's a possibility to have both solution in the same hardware (i.e. i5800).
It would be a great proposal to have both solution in one box.
Thanks in advanced.
NimbostratusHi Leo,
In my opinion, there would be no benefit to that setup. ASM will do DDoS Protection just fine. The only benefit to potentially having Hybrid Defender do DDoS protection is the ability to handle heavier loads. You would need to purchase both a hardware i5800 with ASM License and the Hybrid Defender.
Look into the Silverline cloud-based security service that F5 offers. This does DoS protection in the cloud as well as many features of ASM. I believe that Hybrid Defender has an option to route traffic to Silverline when experiencing a DDoS attack.
Hope this helps!
Hi Leo,
Complementing the aforementioned:
DDoS Hybrid Defender (DHD) is a purpose-built DDoS mitigation solution that targets security buyers in the Enterprise and Service Provider markets. DHD, by design, does not include the rich Application Delivery Controller (ADC) capabilities found in Good, Better and Best bundles.
F5 DHD: If your customer wants a pure L3-L7 On-premises DDoS solution with a simplified configuration, F5 DHD is the best choice. This DDoS devices are typically deployed as default-allow devices.
F5 BEST Bundle: If your customer wants a full Multi-Purpose ADC, DDoS and WAF On-premises solution, F5 BEST Bundle is the best way to go. This devices are typically deployed as default-deny devices.
In both alternatives you can always complement them with F5 Silverline for the most comprehensive Hybrid DDoS solution (On-premises + Cloud).
Note from F5 DDoS Hybrid Defender 14.1.0-5.0 Release Notes:
DDoS Hybrid Defender requires the appropriate DDoS license. It enables one module flag mod_dos. That is the only module that can be active on the system.
I hope this helps!
