Security Basics mailing list archives
AW: F5 and Load Balancing
From: "Raimar Melchior" <r.melchior () telonic de>
Date: Wed, 17 Jan 2007 18:29:38 +0100
The best and cost-effective way would be two buy two F5 boxes and configure them in HA. There is no need to buy two extra boxes for separation (sales guy would be very pleased !). If you have enough money invest it for the ASM (application security module), rather than to buy more boxes. More boxes need more administration tasks. They are well hardened and have a modified TCP-Stack (TMOS). Configure VLANs for separation and NAT to protect the nodes behind LTM (current boxes are called local traffic manager, not bigip). What do you mean with web tier ? Do you want to place the F5 directly in front of the internet with no firewall in front ? If yes, disable all unneeded services on the box, configure TCP wrappers and keep the system up-to-date. - Raimar -----Ursprüngliche Nachricht----- Von: listbounce () securityfocus com [mailto:listbounce () securityfocus com] Im Auftrag von Ethan_Steiger () Polk com Gesendet: Dienstag, 16. Januar 2007 19:10 An: security-basics () securityfocus com Betreff: F5 and Load Balancing My Network group would like to leverage F5's bigIP products to do load balancing in both the Web tier as well as the application tier of our networks. While I take no issue with that approach, I do have a level of paranoia regarding them using the same physical device. Am I justified in my concern? Should I require them to purchase two additional F5s for this implementation (HA configuration) or should I allow them to use the same F5 and use VLANS to separate them? What is the threat of using the same device? Does the costs justify the added expense? Lots of questions. Thanks, Ethan ______________________________ Ethan Steiger, CISSP=20 Chief Security Officer Polk Global Automotive=20 ethan_steiger () polk com
Current thread:
- F5 and Load Balancing Ethan_Steiger (Jan 16)
- RE: F5 and Load Balancing Stachowicz, Mark (Jan 17)
- RE: F5 and Load Balancing Hayden Searle (Jan 17)
- AW: F5 and Load Balancing Raimar Melchior (Jan 17)
- RE: F5 and Load Balancing Andre Christian (Jan 17)
- AW: F5 and Load Balancing Raimar Melchior (Jan 19)
- RE: F5 and Load Balancing Andre Christian (Jan 17)
- Re: F5 and Load Balancing Bryan Andrews (Jan 17)