My CSM is currently configured in routing mode and bridge mode. Recently I have a service requirement for which I think one-arm mode should be the best resolution. Can anybody let me know if there will be any effect if I add one-arm mode to the current production environment?
Thanks in advance.
No problem adding one-arm to this design.
However, one-arm is NEVER the best solution.
This is always the EASIEST to deploy but you will very quickly see the limit of it.
You need to guarantee that the server response goes through the CSM when going to the client.
In one-arm, the server usually bypasses the CSM, so client NAT is required, which prevents the server from knowing the client IP ....
One-arm looks easy but it's not.
Thanks for your quick response. I notice you have the same opinion about one-arm mode in your other post, but I think the multi-tier data center design with the FW in bridge mode and the CSM in one-arm mode with RHI does give us a lot of flexibility. If I use policy routing instead of source NAT, can I overcome the limits you mentioned?
Do you know how the CSM could handle TFTP traffic? I may have too many questions; I am really looking for your suggestion.
You can use policy routing to avoid client NAT.
One-armed is usually a good idea when you have a lot of traffic to/from the servers that does not need to be load-balanced and therefore does not need to go through the CSM.
About FW and CSM design, the best option I see is CSM in bridge mode with the FW being the default gateway for the servers.
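
The return-path problem discussed in this thread, as an added example that is not part of any poster's reply: a small Python model of a one-arm flow with no fix, with client NAT, and with policy routing. All addresses and names are constructed for illustration, and the model assumes the CSM translates the VIP to the real server on the way in and reverses its translations on the way out.

```python
from dataclasses import dataclass

# Constructed sample addresses, not taken from the thread.
CLIENT, VIP = "198.51.100.7", "203.0.113.10"
REAL, CSM_NAT = "10.1.1.20", "10.9.9.1"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


@dataclass(frozen=True)
class Result:
    server_sees: str       # source IP that appears in the server's logs
    return_via_csm: bool   # does the reply cross the CSM on the way back?
    client_accepts: bool   # does the reply match the client's connection?


def one_arm_flow(client_nat: bool, policy_routing: bool) -> Result:
    # Forward path: client -> VIP; the CSM rewrites the destination to the
    # real server and, with client NAT, the source to its own NAT address.
    syn = Packet(CLIENT, VIP)
    to_server = Packet(CSM_NAT if client_nat else syn.src, REAL)

    # The server answers whatever source address it saw.
    reply = Packet(REAL, to_server.src)

    # Return path: the reply reaches the CSM only if it is addressed to the
    # CSM NAT address or the router policy-routes server traffic to the CSM.
    # Otherwise the default gateway sends it straight to the client.
    via_csm = reply.dst == CSM_NAT or policy_routing
    if via_csm:
        # The CSM reverses its translations: real -> VIP, NAT address -> client.
        reply = Packet(VIP, CLIENT)

    # The client opened its connection to the VIP, so a reply sourced from
    # the real server address matches no connection and is discarded.
    accepts = reply.src == VIP and reply.dst == CLIENT
    return Result(to_server.src, via_csm, accepts)


if __name__ == "__main__":
    for nat, pbr in [(False, False), (True, False), (False, True)]:
        print(f"client_nat={nat} policy_routing={pbr} -> {one_arm_flow(nat, pbr)}")
```

Only the policy-routing case both completes the connection and leaves the real client address visible to the server, which matters for access logs and IP-based access control.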