Forum Discussion

Irfan_Gazi_3882
Oct 01, 2008

Web Server in the Intranet

I am planning to have an ASM in the DMZ talking to the WEB server (F5 load-balanced) in the Corporate server farm.

Would I have some issues (security, design, etc.) with this design?

I will make the traffic from the internet hit the First Firewall (Public IP) and then NAT it to go to ASM (Inspection). From there it will cross another firewall (NO NAT here) and reach an F5 load balancer where I have my web server.

Thanks

5 Replies

  • Hi irfangazi,

    Can you explain your concern(s) with the architecture?

    It's fairly common to have a firewall - ASM - firewall - www server - app server - database architecture. It sounds like you're considering something like: firewall - ASM - firewall - BIG-IP LB'er - www server - app server - database

    Out of curiosity, do you have separate ASM and BIG-IP load balancing units? Is the BIG-IP a 6400 or higher? If so, you could run ASM on that.

    Aaron
  • Yes, I have a separate ASM and BIGIP load balancing. ASM is in the DMZ and BIGIP LTM is in the intranet.

    BIGIP is 3xxx series.

    Yes, I am considering firewall - ASM - firewall - BIG-IP LB'er - www server - app server - database.

    And in the load balancer I have to do some kinda loopback for the application servers to talk to the databases and other redundant application servers.

    Thanks
  • I found this thread in a search and am curious about what you decided on. We have similar needs, but allowing Internet traffic to hit anything on our intranet, even through the ASM, gives me the heebie-jeebies.