SAM_81082
Jul 27, 2012Nimbostratus
F5-3600 Application Security Module Design
Hi all F5 experts ,
1) We want to use F5 load balancer to comply with PCI standards.We have to use only Application security module feauture for some of the criticial server in DMZ segment.
Need your valuable suggesion on below points
a) Do we need to configure LB in Inline Mode or One arm condition
b) If we use in Inline mode then LB will be default gateway for all DMZ server though some of the server does requires ASM feature.
c) Is it possible in LB to inspect only limited server IP address while exclude rest other IP's from DMZ segments.
Traffic Flow
------------------------------------------------------------------------------------------------------
Firewall ----> Proposed Load Balancer ( Application security Module) ---> DMZ Server
-----------------------------------------------------------------------------------------------------
Please suggest which method we can use for this setup.
Regards
TIA
SAM