Forum Discussion

Nimbostratus

Oct 16, 2012

Auto last hop enabled with Checkpoint firewall

We have a pair of F5 LTM 3900's running version 11.1. We were able to ping Virtual servers from our Internal hosts thru a Checkpoint cluster. Once we turned auto-last hop on per vlan we can no longer...

config

design

jal1230_40013

Nimbostratus

Oct 16, 2012

The checkpoints are not running VRRP Cluster XL. I ran captures on both the Firewall and F5. The ICMP traffic gets to the F5 and The Checkpoint receives it back from the F5. You can ping the Virtual servers from the Checkpoint, however the ICMP responses never gets back to my terminal on the inside network. Once I turn Auto last hop off on the vlan on the F5 I get replies at my terminal.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Auto last hop enabled with Checkpoint firewall

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

F5 Academies Are Back – And We’re Coming to a City Near You

Recent Discussions

Route Domains HA & Traffic Groups

Horizon View iApp - Big-IP 17.5

r4600 Tenant CPU Assignment

BGP Over 2 vlans to 2 Network switch

Buy F5 Big-IP Virtual Edition Lab licence in FR

Related Content

Integrating SSL Orchestrator with CheckPoint Firewall VM-Explicit Proxy

Integrating SSL Orchestrator with CheckPoint Firewall VM-Bridge Mode (L2)

Integrating SSL Orchestrator with CheckPoint Firewall VM-Transparent Proxy

F5 AFM/Edge Firewall and the difference between Edge Firewalls and Next-generation Firewalls (NGFW)

Securing the LLM User Experience with an AI Firewall

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS