IMHO - you shouldn't use BIG-IP F5 directly internet facing in 2025 if it's critical infrastructure, have it behind a cloud WAF and have the origin firewalled off to just the WAF service.
Discussion
Loading...
Post
@GossiTheDog Also, your sonicwall, fortinet, and palo altos firewalls should be behind a firewall and not exposed to the internet
@jerry @GossiTheDog what firewall do you recommend your firewall be behind?
@jerry @GossiTheDog I replaced a client's Asa with pfSense on Monday. About 3 minutes of downtime, that's how long I needed to ssh in and run arping to announce the new MAC to their upstream.
@jerry @GossiTheDog This is a wild take. What firewall *would* you expose to the Internet?
@ocdtrekkie @jerry I suspect they mean the management interface
use your firewall stack to protect your firewall stack
@ineedsleeps @GossiTheDog it's the only way to be sure
@cR0w @GossiTheDog I keep forgetting that there are still people who like to play with matches at the gas station
@jerry @cR0w @GossiTheDog Ivanti likes to play with cutting torches and live natural gas lines.
Bonfire community
This is a bonfire demo instance for testing purposes
Automatic federation enabled