Have a question or want to start a discussion? Post it! No Registration Necessary. Now with pictures!
April 15, 2010, 10:15 am
rate this thread
We currently have a route through
Checkpoint external Firewall,
F5 load balancer,
Checkpoint internal FW to
(DMZ role) Web servers.
Now it looks like the single external firewall easily works as a
"fuse", and becomes a failing bottleneck, when we test for a high
volume DoS attack (we have a gigabit line to the ISP side, with
smaller but upgradeable guaranteed bandwith). So to strenghten the
availablity and DoS resilience we are thinking, why not to get rid of
the external firewall totally? We could configure the F5 with all the
security features and use it also in an external firewall role...
Note that the external Cisco router anyway limits incoming traffic,
with a simple ACL, to a few virtual IP addresses and ports 80 and 443.
Do we really need a separate external firewall? Anyway, I can't find
any references of this kind of setups with F5 interfacing the
Internet. Maybe I better ask F5, but I would like to have an
- » NYC local event: Unigroup's 17-Oct-2019 Meeting: SDN/SDP - So...
- — Newest thread in » Networking Firewalls
- » AT&T Proposes Tweaks to FCC's C-Band Auction Plan [telecom]
- — The site's Newest Thread. Posted in » General Telecommunications Forum