Forum Discussion
F5 WAF Request not receiving
Hi All
We have Checkpoint firewall and F5 WAF device and the traffic from external/public first comes to the Firewall then redirected to WAF Virtual Server and both are on the same subnet however, we can get a log the traffic from public to the WAF Virtual Server ip on firewall however the f5 doesnt have any hit for that particular VS. When I bypass the traffic from WAF it started working. when I try tcp dump on the firewall I got the following
tcpdump -i eth0 host 172.16.1.254 > tcpdump.txt
[1_02]11:33:49.859081 IP 172.16.1.254 > 196.190.62.11: ICMP host 172.16.1.254 unreachable - admin prohibited filter, length 68
Kindly assist me on this issue
- Jeffrey_GranierEmployee
Hello,
So the topology is like this? Internet User --> Chpt FW -----> F5 BIG-IP WAF VS ----> Origin/PoolsYour not seeing any traffic hits on the BIG-IP VS that has a WAF policy applied on?
Can you run sample external curl tests to the BIG-IP VS, are you seeing traffic stats and or connection table entries on the BIG-IP? Is the VS setup to listen on the appropriate vlans? for TCPdump you will want to use the dataplane interfaces... If this is a non-prod unit tcpdump -i 0.0 should cover all data plane interfaces and include the VS IP in the filter. Can you post the vs config ?
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com