Forum Discussion

l_lupos's avatar
l_lupos
Icon for Nimbostratus rankNimbostratus
Jun 13, 2017

F5 Positioning between 2 Firewalls (checkpoint and fortinet)

Hi, I would like to ask if its possible to position the f5 inline between firewalls. Point to point connections.   FW1---F5---FW2   Each segment is separated by 2 vlans vlan 56 connecting on FW...
application delivery
LTM
k20's avatar
k20
Icon for Nimbostratus rankNimbostratus
Jun 13, 2017

Clients---FW1-----(VIP)F5----FW2----Servers Clients---FW1-----F5(VIP)----FW2----Servers

 

You can have either side of the F5 to be your virtual servers. Which FW is a default gateway for your F5?

 

If FW1 is a default gateway, you need a static route on the F5 to get to the servers with the next hop being the IP on FW2 facing the F5.

 

If FW2 is a default gateway, you need the traffic from the servers can get back to the clients through the F5. If your return traffic is not going through the F5 (you will face an asymmetric routing which your Checkpoint FW will drop by anti-spoofing or tcp packet out of state.

 

Related Content