Forum Discussion

8 Replies

  • LTM is a firewall, so by adding a firewall you don't gain anything; you just add complexity.

     

      dickeypjeep_116
      Yes, that and more. LTM + APM can completely replace TMG, including authentication offload, etc. With AFM, you can manage the BIG-IP platform as a layer 3/4 firewall, and ASM will provide full layer 7 protection. LTM is default deny, so it provides layer 3/4 firewalling, plus it handles SSL, so it firewalls at layer 5 as well. The BIG-IP is definitely a security device :)
    • Tosin_Omojola

      Actually, I think F5 comes more like a one-size-fits-all appliance. I wouldn't see a reason to deploy another solution once F5 is in place unless the service is free and really meets the need. F5's got all that's needed to secure an IT infrastructure.

       

      You're very correct

       

  • To continue with dickeypjeep's answer, LTM is an ICSA-certified firewall by itself (without AFM); however, AFM makes management easier and also moves some of the firewall function into the TMM core rather than being executed in software using iRules.

     

  • Hi Jose,

     

    If you only have GTM+LTM then yes, you will need a firewall because this GTM+LTM combo can't offer you IDS+IPS functionality; also, this combo may not offer you other layers of firewalling... If you have APM & ASM added as well, then there is no need for a firewall.

     

    Regards,

     

  • Thank you for the responses, but if all you need is ports 433 and 80, should I add that layer on top of what we have?

     

    • dickeypjeep_116
      No, there's no need. The F5 LTM will handle that. An L3/L4 firewall won't add any value at all.