Re: BigIP controller - any issues?

[Gregory Blake <greg () healthgate com>]

On 30 Sep 1999, Chris Shenton wrote:

> On Thu, 30 Sep 1999 11:25:06 +0100, "Cleaver, Richard J" <Richard.Cleaver () capgemini co uk> said:
>
> Cleaver,> I have been asked to investigate the effect of implementing
> Cleaver,> the BigIP Controller from F5 networks. It has been proposed
> Cleaver,> to place this device (of which I have no experience) on the
> Cleaver,> dirty side of internet facing firewalls to achieve firewall
> Cleaver,> load balancing. Does anyone know of any security issues with
> Cleaver,> this device?
>
> It's a UNIX box under the covers, BSDI. They seem to have done a good
> job of locking it down and are ssh-aware. Tho I was surprised to see
> they had IP forwarding enabled so I could route right through it. 

This is something you can turn on and off throught the interface.

> state if the firewall it's using dies. There are a couple vendors who
> sell solutions specific to CheckPoint Firewall-1 but I'm unaware of
> fault-tolerant solutions for Gauntlet. We're planning on doing it with
> dynamic routing with our routers and back-end servers.

Supposedly the latest version of the BIGip software will actually transfer
state information about users between the boxes. (It was just released
within the last few days)

Gregory
>