Forum Discussion
NimbostratusUnable to reach VIPs IP
Hi all, we have a new setup with F5 LTM Virtual Edition with Palo Alto firewall. In this new setup, all VLAN gateway terminates on the firewall. This is slightly different from our other environment which also have F5.
We can't seem to get to ping any of the VIPs IP that have been publish and a trace route shows that after the source VLAN gateway, the packets get lost.
On the F5 LTM VE, we have configure the external default gateway same as the Self IP gateway. The F5 itself is able to ping the Self IP gateway.
One of my colleague mention maybe the firewall needs a manual route to be configure. We didn't have this issue when we setup the F5 in other environment but in other environment the gateway terminates on the switch.
2 Replies
Vijay_ECirrus
The F5's default GW is configured on the Palo Alto FW, right ? You would have to configure the Palo Alto FW with route pointing to the F5's floating or self IP for the network that F5 handles.
- boneyard
MVP
as this is a firewall my first question would be, is traffic allowed in the firewall rule bases from where ever you start your trace towards the interface where the F5 virtual IP subnet exists.
do you see hits on the firewall rule? have you done a packet capture to determine if the traffic flows correctly through the firewall?
