
F5 WAF Request not receiving

starboy
Cirrus

Hi All

We have a Checkpoint firewall and an F5 WAF device. Traffic from external/public first comes to the firewall and is then redirected to the WAF Virtual Server, and both are on the same subnet. However, we can see a log of the traffic from public to the WAF Virtual Server IP on the firewall, but the F5 doesn't have any hit for that particular VS. When I bypass the traffic from the WAF, it starts working. When I try tcpdump on the firewall I get the following:

tcpdump -i eth0 host 172.16.1.254 > tcpdump.txt

[1_02]11:33:49.859081 IP 172.16.1.254 > 196.190.62.11: ICMP host 172.16.1.254 unreachable - admin prohibited filter, length 68

Kindly assist me on this issue

1 REPLY

Jeffrey_Granier
F5 Employee

Hello,

So the topology is like this? Internet User --> Chpt FW -----> F5 BIG-IP WAF VS ----> Origin/Pools. You're not seeing any traffic hits on the BIG-IP VS that has a WAF policy applied?

Can you run sample external curl tests to the BIG-IP VS? Are you seeing traffic stats and/or connection table entries on the BIG-IP? Is the VS set up to listen on the appropriate VLANs? For tcpdump you will want to use the dataplane interfaces... If this is a non-prod unit, tcpdump -i 0.0 should cover all data plane interfaces, and include the VS IP in the filter. Can you post the VS config?
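
An added example, not part of either post: a small helper that summarizes ICMP "unreachable" rejects in saved tcpdump text output, so it is clear which address is generating them and with what reason. The function names and every sample line except the one quoted in the question are constructed for illustration.

```shell
#!/bin/sh
# Count ICMP "unreachable" messages in tcpdump text output.
# The source of an ICMP error is the device that generated the reject.
# Output lines: count|icmp_sender|icmp_receiver|reason
summarize_icmp_rejects() {
    # Reads files given as arguments, or stdin when none are given.
    awk '
    / ICMP .* unreachable/ {
        src = ""; dst = ""
        # tcpdump prints "<src> > <dst>:" before the protocol details
        for (i = 2; i < NF; i++) {
            if ($i == ">") { src = $(i-1); dst = $(i+1); break }
        }
        sub(/:$/, "", dst)
        # Reason is the text between "ICMP " and ", length N"
        reason = $0
        sub(/^.* ICMP /, "", reason)
        sub(/, length.*$/, "", reason)
        count[src "|" dst "|" reason]++
    }
    END { for (k in count) print count[k] "|" k }
    ' "$@" | sort -t'|' -k1,1nr
}

# Constructed sample capture: the first ICMP line is the one quoted in the
# question; the remaining lines are made up for this example.
sample_capture() {
    cat <<'EOF'
11:33:49.858900 IP 196.190.62.11.51514 > 172.16.1.254.443: Flags [S], seq 1, win 64240, length 0
[1_02]11:33:49.859081 IP 172.16.1.254 > 196.190.62.11: ICMP host 172.16.1.254 unreachable - admin prohibited filter, length 68
[1_02]11:33:50.861200 IP 172.16.1.254 > 196.190.62.11: ICMP host 172.16.1.254 unreachable - admin prohibited filter, length 68
11:34:02.100000 IP 192.0.2.10 > 198.51.100.7: ICMP 192.0.2.10 udp port 53 unreachable, length 36
EOF
}

sample_capture | summarize_icmp_rejects
```

tcpdump prints "admin prohibited filter" for ICMP type 3 code 13, which means the packet was actively rejected by a filtering rule on the sending device rather than silently dropped.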