Forum Discussion
Routing and firewall policy
Hi Khuongnn77,
> Firstly, make sure that you configure your web servers "10.10.98./2" to use the F5 interface self IP address "10.10.98.9" as the default gateway, as I see the web servers and the internal interface of the F5 are in the same VLAN.
> Then, configure a virtual server of type "IP forwarding", and put (web servers subnet as source and DMZ subnet as destination), as the traffic sourced from the web servers to the DMZ should match the DMZ subnet on the F5. Look below, you need to configure it like this:
> I assume that you have configured your interface IPs and VLANs as shown in your figure.
> Then, add a specific route on the F5 itself from (Network tab >>> Routes >> click Create); it should be like the snapshot below:
> Now, when traffic is sourced from your web servers, it should arrive at your ("Core switch" in the external VLAN).
> I think there is a Layer 4 DMZ firewall after your "Core switch", so you will need to add a route on the "Core switch" that (traffic destined to '192.168.1.1' is assigned the interface of the DMZ firewall as next hop).
> Now the traffic is on the DMZ firewall outside interface; you need to add a policy on the firewall. This policy says
(Source network '10.10.98.0/24', destination network '192.168.1.0/24' and 'any' service port, or specify your service port.)
> Now your traffic should reach "192.168.1.0/24", but do not forget to configure the back routes.
You need to configure these back routes:
On DMZ Firewall: (traffic destined to '10.10.98.0/24' is assigned the interface of the Core switch that is connected with the DMZ firewall as next hop).
On Core Switch: (traffic destined to '10.10.98.0/24' is assigned the interface of the F5 external self IP "172.16.1.2" as next hop).
> Now the returned traffic is on the F5, and the F5 will deliver it back to the internal web servers.
I hope this helps you.
Regards.
Mohamed Kansoh
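The forward path and back routes described in the post above can be checked on paper before touching the devices. The following is an added example, not part of the original post or F5's tooling: it models each device's routes with symbolic next-hop names (assumed, since the real link addresses are not all given in the thread), assumes the firewall is stateful, and traces a constructed client 10.10.98.10 to 192.168.1.1 and back.

```python
import ipaddress

WEB = ipaddress.ip_network("10.10.98.0/24")   # web servers (from the post)
DMZ = ipaddress.ip_network("192.168.1.0/24")  # DMZ (from the post)
ANY = ipaddress.ip_network("0.0.0.0/0")
FW_POLICY = [(WEB, DMZ)]  # firewall rule: source, destination, any service

def build_tables(back_routes=True):
    """Routes per device as (destination, next-hop device); names are symbolic."""
    tables = {
        "web":  [(ANY, "f5")],                  # default gateway = F5 internal self IP
        "f5":   [(WEB, "web"), (DMZ, "core")],  # connected VLAN + added static route
        "core": [(DMZ, "fw")],
        "fw":   [(DMZ, "dmz")],
        "dmz":  [(ANY, "fw")],
    }
    if back_routes:
        tables["fw"].append((WEB, "core"))
        tables["core"].append((WEB, "f5"))
    return tables

def next_hop(table, dst):
    """Longest-prefix match; None when no route covers dst."""
    hits = [(net.prefixlen, hop) for net, hop in table if dst in net]
    return max(hits)[1] if hits else None

def trace(tables, start, end, src, dst, new_flow):
    """Walk hop by hop; policy is checked only for new flows (stateful assumption)."""
    path, node = [start], start
    while node != end:
        if node == "fw" and new_flow and not any(src in s and dst in d for s, d in FW_POLICY):
            return path, "dropped by firewall policy"
        hop = next_hop(tables[node], dst)
        if hop is None:
            return path, f"no route on {node}"
        if hop in path:
            return path, f"routing loop at {node}"
        node = hop
        path.append(node)
    return path, "delivered"

def round_trip(tables, client, server):
    out = trace(tables, "web", "dmz", client, server, new_flow=True)
    back = trace(tables, "dmz", "web", server, client, new_flow=False)
    return out, back

if __name__ == "__main__":
    c, s = ipaddress.ip_address("10.10.98.10"), ipaddress.ip_address("192.168.1.1")
    for label, flag in (("with back routes", True), ("without back routes", False)):
        print(label, round_trip(build_tables(flag), c, s))
```

Without the two back routes the request is delivered but the reply stops at the firewall, which is the symptom to look for when the forward policy hits but the session never completes.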
Hi Team.
Thank you for replying so soon.
I have resent the diagram and config. Please check and help me. I only want internal to be able to access the domain.
Here is the route from switch: ip route 10.10.98.0 255.255.255.0 10.10.99.10
Here is the route from F5:
Firewall rule
Here is ip