Question on Routing when F5 is Default Gateway

Question

I have a setup where the F5 serves as default gateway for 25 VLANs on the DMZ. The F5s default gateway is a Palo Alto 5000. The Palo has a route to 10.10.0.0/24 via 10.1.0.2 and is redistributing that route via OSPF. The F5 has a IP-forwarding virtual server configured.&nbsp;
PA (10.1.0.1/28) &lt;--VLAN 1--&gt; (10.1.0.2/28) F5 (10.10.0.1/24) &lt;--VLAN 10--&gt; Server (10.10.0.100/24)&nbsp;
Here's my conundrum:&nbsp;
Pings from the PA to 10.1.0.2: successfulPings from the PA to 10.10.0.1: unsuccessfulPings from the PA to 10.10.0.100: successfulPings from the F5 (VLAN 10) to 10.1.0.1: unsuccessfulPings from the Server to 10.1.0.1: successful
All in all, the setup works but if I try to ping or traceroute from interface VLAN 10 on the F5 to anything left of the F5, I receive "Destination Host Unreachable". &nbsp;
Any ideas?&nbsp;

stanislas_piro2 · Answer

Hi,&nbsp;
For security reasons, F5 does not allow packet to self IP from another VLAN than defined in Self.&nbsp;
As F5 does not filter self IP sources in port lockdown, filter is only done on VLAN.&nbsp;

Forum Discussion

Question on Routing when F5 is Default Gateway

1 Reply

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

F5 Academies Are Back – And We’re Coming to a City Near You

Recent Discussions

Long URL Redirecting

APM Access Policy|SSLVPN | SAML auth questionnaires

Azure Virtual Machine Scale Set (VMSS) with F5 LTM

F5 DNS Generic Host

Which encyrtion algorithm is used when making Kerberos ticket encyrtion.

Related Content

FQDN nodes in non-default route domains

BIG-IP Next: iRules pool routing

Setting default route using VLANs

BIG-IP High Availability with Azure Route Server

A Closer Look at mTLS and the Default Server in F5 NGINX

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS