We have a Checkpoint firewall and an F5 WAF device. Traffic from external/public first comes to the firewall and is then redirected to the WAF Virtual Server; both are on the same subnet. However, we can get a log of the traffic from public to the WAF Virtual Server IP on the firewall, but the F5 doesn't have any hit for that particular VS. When I bypass the traffic from WAF it started working. When I try tcpdump on the firewall I got the following
So the topology is like this?

Internet User --> Chpt FW -----> F5 BIG-IP WAF VS ----> Origin/Pools

You're not seeing any traffic hits on the BIG-IP VS that has a WAF policy applied?
Can you run sample external curl tests to the BIG-IP VS? Are you seeing traffic stats and/or connection table entries on the BIG-IP? Is the VS set up to listen on the appropriate VLANs? For tcpdump you will want to use the dataplane interfaces... If this is a non-prod unit, tcpdump -i 0.0 should cover all data plane interfaces, and include the VS IP in the filter. Can you post the VS config?