Technical Forum
Ask questions. Discover Answers.
Showing results for 
Search instead for 
Did you mean: 
Custom Alert Banner

F5 WAF Request not receiving


Hi All

We have Checkpoint firewall and F5 WAF device and the traffic from external/public first comes to the Firewall then redirected to WAF Virtual Server and both are on the same subnet however, we can get a log the traffic from public to the WAF Virtual Server ip on firewall however the f5 doesnt have any hit for that particular VS. When I bypass the traffic from WAF it started working. when I try tcp dump on the firewall I got the following 

tcpdump -i eth0 host > tcpdump.txt

[1_02]11:33:49.859081 IP > ICMP host unreachable - admin prohibited filter, length 68

Kindly assist me on this issue


F5 Employee
F5 Employee


So the topology is like this?  Internet User --> Chpt FW -----> F5 BIG-IP WAF VS ----> Origin/PoolsYour not seeing any traffic hits on the BIG-IP VS that has a WAF policy applied on?

Can you run sample external curl tests to the BIG-IP VS, are you seeing traffic stats and or connection table entries on the BIG-IP?   Is the VS setup to listen on the appropriate vlans?   for TCPdump you will want to use the dataplane interfaces... If this is a non-prod unit  tcpdump -i 0.0 should cover all data plane interfaces and include the VS IP in the filter.    Can you post the vs config ?