Forum Discussion

kazeem_yusuf1
Aug 11, 2017


Can the F5 LTM be used to securely publish web applications in a DC (TMG REPLACEMENT), in a case where an organization is moving towards discontinuing TMG?


I know SWG is the best replacement for TMG, but how can it be done if the only license is LTM?




  • LTM is used to secure web apps. LTM is a layer 7 firewall, so it will do a better job than TMG. Now, there are two parts to TMG: one is web-based security and the other is authentication/authorization. LTM does the security of the web part. If you need form-based authentication before you access the server, you will need an APM license too. LTM + APM will do everything you need. APM will handle the authentication/authorization and LTM will handle the web-based part. Now, if the server is using SAML and the server is doing the redirection to SAML auth, then you do not need APM. Hope this will help. If you already have an F5 device, I would just purchase the APM license instead of getting SWG and having to manage another device.


  • iRules can provide the Layer 7 protection. You can filter URLs with an iRule, and you can filter commands and variables via iRules, so LTM is much more than just a load-balancing device. It is a true man-in-the-middle device, and you can manipulate the data before it gets to the server. I agree with you that ASM is an extra security module and it is very good. My F5 devices have ASM, APM, FSM and LTM, so I can use any combination of the modules to secure an app. But LTM is so much more than just a load balancer. You do need to learn how to program using iRules.
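
The URL filtering mentioned in the reply above, sketched as an iRule for an LTM-only virtual server. This is an added example, not code from the thread or from F5; the data group names `published_hosts_dg` and `published_paths_dg` are hypothetical string data groups you would create yourself, and the allowed method list is an assumption about the published application.

```tcl
# Added example. Assumes an HTTP profile on the virtual server and two
# string data groups (hypothetical names):
#   published_hosts_dg  - lower-case hostnames, e.g. "app.example.com"
#   published_paths_dg  - lower-case URL prefixes, e.g. "/owa/", "/portal/"
when HTTP_REQUEST {
    # Normalise before comparing, so case or %-encoding cannot slip past
    # the allowlist. Only one decoding pass is done here.
    set host [string tolower [getfield [HTTP::host] ":" 1]]
    set path [string tolower [URI::decode [HTTP::path]]]

    # 1. Only hostnames that are deliberately published.
    if { not [class match -- $host equals published_hosts_dg] } {
        log local0. "publish-filter: host '$host' denied, client [IP::client_addr]"
        reject
        return
    }

    # 2. Only the HTTP methods the application needs (assumed set).
    switch -- [HTTP::method] {
        "GET" - "HEAD" - "POST" { }
        default {
            HTTP::respond 405 content "Method Not Allowed" "Allow" "GET, HEAD, POST"
            return
        }
    }

    # 3. Refuse traversal sequences that remain after decoding.
    if { ($path contains "../") or ($path contains "..\\") } {
        log local0. "publish-filter: traversal in '$path', client [IP::client_addr]"
        HTTP::respond 400 content "Bad Request"
        return
    }

    # 4. Default deny: only URL prefixes listed in the data group reach the pool.
    if { not [class match -- $path starts_with published_paths_dg] } {
        log local0. "publish-filter: path '$path' denied, client [IP::client_addr]"
        HTTP::respond 403 content "Forbidden"
        return
    }
}
```

This covers URL publishing rules only; pre-authentication of the kind TMG offered is the part the first reply assigns to APM.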