On 30 Sep 1999, Chris Shenton wrote: > On Thu, 30 Sep 1999 11:25:06 +0100, "Cleaver, Richard J" <Richard.Cleaverat_private> said: > > Cleaver,> I have been asked to investigate the effect of implementing > Cleaver,> the BigIP Controller from F5 networks. It has been proposed > Cleaver,> to place this device (of which I have no experience) on the > Cleaver,> dirty side of internet facing firewalls to achieve firewall > Cleaver,> load balancing. Does anyone know of any security issues with > Cleaver,> this device? > > It's a UNIX box under the covers, BSDI. They seem to have done a good > job of locking it down and are ssh-aware. Tho I was surprised to see > they had IP forwarding enabled so I could route right through it. This is something you can turn on and off throught the interface. > state if the firewall it's using dies. There are a couple vendors who > sell solutions specific to CheckPoint Firewall-1 but I'm unaware of > fault-tolerant solutions for Gauntlet. We're planning on doing it with > dynamic routing with our routers and back-end servers. Supposedly the latest version of the BIGip software will actually transfer state information about users between the boxes. (It was just released within the last few days) Gregory >
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:42:15 PDT