Firewall Wizards mailing list archives
Re: BigIP controller - any issues?
From: Chris Shenton <cshenton () uucom com>
Date: 30 Sep 1999 14:16:47 -0400
On Thu, 30 Sep 1999 11:25:06 +0100, "Cleaver, Richard J" <Richard.Cleaver () capgemini co uk> said:

Cleaver,> I have been asked to investigate the effect of implementing
Cleaver,> the BigIP Controller from F5 networks. It has been proposed
Cleaver,> to place this device (of which I have no experience) on the
Cleaver,> dirty side of internet facing firewalls to achieve firewall
Cleaver,> load balancing. Does anyone know of any security issues with
Cleaver,> this device?

It's a UNIX box under the covers, BSDI. They seem to have done a good job of locking it down and are ssh-aware. Tho I was surprised to see they had IP forwarding enabled so I could route right through it.

You'll need two, if you're interested in fault-tolerance -- which is why you're getting the BIG/ip in the first place I expect. For what they do, I think they're a bit pricey.

RND has a "fireproof" product which does this, but I've grown to loathe their interface for normal load balancers, and their tech support (human and online) leaves a lot to be desired. Foundry has very cost-effective balancing switches which can be done as dual redundant pairs and I've found their humans quite responsive; only have a little hands on with this product though -- talk to them to see if they'll satisfy your application.

I don't think any of the classic balancers can recover a session's state if the firewall it's using dies. There are a couple vendors who sell solutions specific to CheckPoint Firewall-1 but I'm unaware of fault-tolerant solutions for Gauntlet. We're planning on doing it with dynamic routing with our routers and back-end servers.