is the application firewall a standalone product (different VM) or a traffic manager add-in?
What are the
- firewall admin module
- firewall decider (per core)
- firewall proxy enforcer module
- firewall webserver enforcer module
Are them all necessary for a "base" application firewall installation?
Where can I find some deployment document?
Solved! Go to Solution.
It's comes packaged in 2 forms indeed:
In the latter case, it will be your requirements and architectural needs that decide how many of each you'll need. With the integrated package, there's little to discuss and to decide, since it's prepackaged in the traffic manager.
Simply put (and I may cut some corners here):
As for further documentation: try this http://community.riverbed.com/t5/Documentation/Stingray-Technical-Documentation/td-p/17800
in case that I would like a complete solution, what would I need?
just proxy enforcer+web server enforcer (depends if/how many..) +decider+admin module? or the firewall itself too? How they integrate with traffic manager?
Because I see also virtual/non virtual 1000,2000 and 4000 firewall versions.. what are those?
in case that I would like it to be integrated in the traffic manager:
So this is not on traffic manager but I need as many copy of this "software" to be installed on my ISS, apache or whatever webserver I would like to be handled by the application firewall?
The decider needs to be installed on a standalone VM (for example) or it's integrated in the traffic manager?
The admin module needs to be installed on a standalone VM (for example) or it's integrated in the traffic manager?
From the speecsheet:
The Enforcer module integrates with the following web / app servers:
Linux: Apache 2.0, 2.2; Apache Tomcat 5.5, 6.0
Windows: IIS 6, 7; ISA 2006; IAG Server 2007
Are't newer ISAs supported? (i.e. TMG)
First question always will be:
standalone or integrated?
If you go for integrated with traffic manager, order the appropriate sku and you're done: the firewall will be enabled on the traffic manager and any traffic you direct through the traffic manager can be sent through the app firewall too. Just enable the app firewall on the virtual server and you're done. (well apart from setting up the filtering rules in the firewall ofcourse).
If you choose the standalone app firewall, get at least one of each for a functional solution: 1 enforcer, 1 decider, 1 admin server license and scale to your needs. As for what you'll need: that depends on your web infrastructure. Some require a proxy enforcer, some require a webserver enforcer.
what are the SKU's for the traffic manager firewalls?
Have you got them for all the sizing available?
I am just looking to provide a full traffic manager+application firewall(+ stingray aptimizer for sharepoint) solution
I know a rep could help me but for my actual researches that would help me enourmously...
I am a ltittle bit confuse also by this too
You'll need only one SKU for the app fw option; which one will depend on which traffic manager SKU you have. Yes, they're available for each size
The EOA notice you cite is because you no longer need to choose the form factor when you buy the product; the same SKU covers both software and virtual applicance. Hence some SKU are now not necessary.
So, for me:
- Virtual Traffic manager (L,H or M)
- RASP support for virtual traffic manager
- Traffic manager application firewall (as a module of my traffic manager and related to its size)
- RASP support for application firewall
- Aptimize for Sharepoint
- RASP support for Aptimize for Sharepoint
I know your working to integrate
it as for the application firewall but now it's not like that and that's a dedicated plugin
1) is it enough to have a complete traffic manager+application firewall+aptimizer for sharepoint?
2) Does aptimizer for sharepoint licensing is paying for seats AND for number of servers AND iwth the 1000 serie you can just optimize LAN connections? (and not Wan if the service is exposed..)
The answer to "Does aptimizer for sharepoint licensing is paying for seats AND for number of servers" is yes. I don't understand the last part of your question. Can you clarify?