Application Delivery (ADX)

Occasional Contributor
Posts: 6
Registered: ‎01-17-2011

I have some questions about ADX1000 How to protect my network

Hello everyone.

We need to protect our network from DDoS attacks (especially the web service in the DMZ).

We have several different servers (web), so we will not use balancing.

Now we use a Cisco ASA5540 with an SSM-20 module to protect our network.

But last time, during a SYN flood attack, the Cisco was overloaded.

So we want to use Brocade before Cisco.

INTERNET--->Brocade---->Cisco---->Our network.

Is that a good idea?

Brocade ADX 1000 works with switch code!

The outside interface on the Cisco has an Internet address.

Here I can't understand how to use virtual/real servers in that case.

In my opinion, Brocade in switch mode must not have any IP address for virtual/real servers.

Maybe I don't understand how Brocade works in switch mode (with switch code).

Can someone explain this to me in brief, or give me brief instructions?

For example, I use eth1 for the external network and eth2 for the internal network (on the Brocade).

Best regards, Vladimir.

Contributor
Posts: 24
Registered: ‎11-03-2010

Re: I have some questions about ADX1000 How to protect my network

Hi Vladimir,

I would not propose using an ADX in front of a firewall. ADX is for load balancing and ASA is for security. Only if you want to balance lots of ASAs with ADX and build a Firewall Sandwich.

The ASA has many features to mitigate attacks. Search for "Preventing Network Attacks with ASA".

There is also a special feature in ASA specialized for DDoS attacks called Botnet Traffic Filter. There's a good white paper about that called 'Combating Botnets Using the Cisco ASA Botnet Traffic Filter' at http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/white_paper_c11-532091.pdf

-Alexander
