EvilRootSa_2832
Oct 15, 2009

BIGip_9.4.*_Firewall feature?

I've been told that BIGip can act as a firewall. Is this possible? My company has been told that BIGIP can act as a firewall and I'm curious to know if that is fact or not. If it is possible with LTM setup, how do you process your external to your internal port ACL?

EVR

3 Replies

  • In addition, when it comes to routing, if there is a Default Gateway (0.0.0.0 0.0.0.0 192.168.x.x) in the Route section of the BIGIP, won't all VS go to the Gateway shown in the route statement?
  • I think you are referring to the BIGIP ASM (Application Security Manager). This is more or less an Application Layer firewall vs the traditional firewalls.

    CB
  • You can use packet filters to restrict access based on source and destination hosts/subnets and/or ports through LTM. ASM is a layer 7 firewall which can validate application traffic for HTTP(S), FTP and SMTP.

    As for routing, assuming you have self IP addresses defined on the VLAN that the pool members are on, I think LTM uses that VLAN to ARP for the pool member by IP address to send traffic to. Routing isn't used in that case. If you don't have a self IP on the same subnet as the pool members, then the routing table would be used.

    To send responses back to the original client, LTM uses a feature called auto lasthop to record the source MAC address and interface to send the response back to. Again, the routing table is not used for this.

    Aaron
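The next-hop decision described in the last reply, modelled as an added example that is not part of the thread and is not F5 code. The VLAN names, self IPs, routes and the `next_hop` helper are constructed for illustration, and longest-prefix matching for the routing-table fallback is an assumption based on standard IP routing.

```python
import ipaddress

# Constructed sample configuration (not taken from the thread).
SELF_IPS = {
    "internal": ipaddress.ip_interface("10.10.1.5/24"),
    "external": ipaddress.ip_interface("192.168.1.5/24"),
}
ROUTES = [
    # Default gateway, as in the question's 0.0.0.0 0.0.0.0 route.
    (ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_address("192.168.1.1")),
    # A more specific static route to a remote server subnet.
    (ipaddress.ip_network("10.20.0.0/16"), ipaddress.ip_address("10.10.1.254")),
]


def next_hop(dest, self_ips=SELF_IPS, routes=ROUTES):
    """Return (method, vlan_or_gateway) for traffic sent to a pool member."""
    dest = ipaddress.ip_address(dest)
    # A self IP on the member's subnet means the member is on-link:
    # ARP for it on that VLAN, the routing table is not consulted.
    for vlan, iface in self_ips.items():
        if dest in iface.network:
            return ("arp", vlan)
    # No matching self IP: fall back to the routing table,
    # preferring the most specific matching prefix (assumption).
    matches = [(net, gw) for net, gw in routes if dest in net]
    if not matches:
        return ("unreachable", None)
    _, gateway = max(matches, key=lambda m: m[0].prefixlen)
    return ("route", str(gateway))


if __name__ == "__main__":
    for member in ("10.10.1.20", "10.20.3.4", "172.16.0.9"):
        print(member, "->", next_hop(member))
```

Only the third member in the demo loop is sent to the default gateway; the first is reached by ARP on the internal VLAN regardless of the default route.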