RE: Load balancer in lieu of firewall...

["Scott Brown" <scott.brown () kottmann com>]

I have recently evaled the BIGip HA+ configuration, and agree that there is
a lot of protection on inbound traffic.  What you gain is essentially NAT
and ACLs.  I don't believe that it addresses the whole picture.  If you ask
around at BIGip, you will find that one of their customers uses BIGip  to
load balance traffic across firewalls to avoid traffic bottlenecks at the
network demarcation point.  If they provide all firewall services, why would
someone (I believe it is the army) want to do this?

I use both.  Just my $0.02

Scott Brown

-----Original Message-----
From:   owner-firewall-wizards () nfr net [mailto:owner-firewall-wizards () nfr net]
On Behalf Of John Nanas
Sent:   Monday, May 24, 1999 9:52 AM
To:     firewall-wizards () nfr net
Subject:        Load balancer in lieu of firewall...

Greets to all-

Pardon the simple question, but I've been bombarded by marketing material
and now have little sense left in me to make a rational decision.

We've been investigating load balancers for a new website that we're going
to launch.  The site has to be reasonably secure, which is why we've
allocated budget for a firewall as well as a load balancer.  The makers of
the BigIP, F5 Labs, assure us that the packet filtering features of their
load balancer are sufficient, and that we don't need a firewall.

I need to make a case of this, in simple terms, to my superiors.  Granted
that the device does packet filtering, it offers a good deal of security.
It does not have a telnet interface, and all configuration takes place using
SSL.

Does anyone have a suggestion as to why this wouldn't work?

Thanks,
John Nanas