Prev: Security Tool virus (fake spyware program)
Next: firewall speed
From: app on 15 Apr 2010 06:15
We currently have a route through

a router,
Checkpoint external Firewall,
F5 load balancer,
Checkpoint internal FW to
(DMZ role) Web servers.

Now it looks like the single external firewall easily works as a
"fuse", and becomes a failing bottleneck, when we test for a high
volume DoS attack (we have a gigabit line to the ISP side, with
smaller but upgradeable guaranteed bandwith). So to strenghten the
availablity and DoS resilience we are thinking, why not to get rid of
the external firewall totally? We could configure the F5 with all the
security features and use it also in an external firewall role...

Note that the external Cisco router anyway limits incoming traffic,
with a simple ACL, to a few virtual IP addresses and ports 80 and 443.
Do we really need a separate external firewall? Anyway, I can't find
any references of this kind of setups with F5 interfacing the
Internet. Maybe I better ask F5, but I would like to have an
independent opinion/experience...

 | 
Pages: 1
Prev: Security Tool virus (fake spyware program)
Next: firewall speed