Forum Discussion

Mariappan_S_156's avatar
Mariappan_S_156
Icon for Nimbostratus rankNimbostratus
May 22, 2014
Solved

Deployment of F5 APM - SSL VPN,

hi all,

 

We go to deploy F5 apm for a SSL VPN in our environment, we need experts advice to design the deployment. We are presently using Microsoft UAG and our current setup is below

 

Public -> Checkpoint -> UAG(in DMZ with 2 arm - 1 lan and 1 for dmz)

 

Pls help us.

 

application delivery
BIG-IP Access Policy Manager (APM)
deployment
design
LTM
security

12 Replies

Sort By
  • kunjan's avatar
    kunjan
    Icon for Nimbostratus rankNimbostratus
    May 22, 2014

    You can follow the same topology with 2-arm (DMZ and LAN). Is there anything specific you are looking for?

     

    • Mariappan_S_156's avatar
      Mariappan_S_156
      Icon for Nimbostratus rankNimbostratus
      May 23, 2014
      Thanks for reply. Our vendor has advises us to put firewall between F5 device and LAN connectivity and all the traffic between F5 to LAN should travel through mention firewall. Can F5 box do the firewall protection for LAN connectivity? What is your advice? Need a firewall or can achieve firewall protection with F5 itself.
  • kunjan_118660's avatar
    kunjan_118660
    Icon for Cumulonimbus rankCumulonimbus
    May 22, 2014

    You can follow the same topology with 2-arm (DMZ and LAN). Is there anything specific you are looking for?

     

    • Mariappan_S_156's avatar
      Mariappan_S_156
      Icon for Nimbostratus rankNimbostratus
      May 23, 2014
      Thanks for reply. Our vendor has advises us to put firewall between F5 device and LAN connectivity and all the traffic between F5 to LAN should travel through mention firewall. Can F5 box do the firewall protection for LAN connectivity? What is your advice? Need a firewall or can achieve firewall protection with F5 itself.
  • kunjan's avatar
    kunjan
    Icon for Nimbostratus rankNimbostratus
    May 23, 2014

    The use of firewall on the LAN side will help to control the VPN user traffic, provided you require to have granular control on the VPN traffic.

     

    • Mariappan_S_156's avatar
      Mariappan_S_156
      Icon for Nimbostratus rankNimbostratus
      May 23, 2014
      I accept, But pls confirm, how possible the same granular control through ACL in F5 APM. If we can then we skip the additional firewall purchase.
  • kunjan_118660's avatar
    kunjan_118660
    Icon for Cumulonimbus rankCumulonimbus
    May 23, 2014

    The use of firewall on the LAN side will help to control the VPN user traffic, provided you require to have granular control on the VPN traffic.

     

    • Mariappan_S_156's avatar
      Mariappan_S_156
      Icon for Nimbostratus rankNimbostratus
      May 23, 2014
      I accept, But pls confirm, how possible the same granular control through ACL in F5 APM. If we can then we skip the additional firewall purchase.