starboy
Oct 25, 2023

F5 WAF Request not receiving

Hi All

We have a Checkpoint firewall and an F5 WAF device. Traffic from external/public first comes to the firewall and is then redirected to the WAF Virtual Server, and both are on the same subnet. We can get a log of the traffic from public to the WAF Virtual Server IP on the firewall; however, the F5 doesn't have any hit for that particular VS. When I bypassed the traffic from the WAF, it started working. When I tried tcpdump on the firewall I got the following:

tcpdump -i eth0 host 172.16.1.254 > tcpdump.txt

[1_02]11:33:49.859081 IP 172.16.1.254 > 196.190.62.11: ICMP host 172.16.1.254 unreachable - admin prohibited filter, length 68

Kindly assist me on this issue

1 Reply

  • Hello,

    So the topology is like this? Internet User --> Chpt FW -----> F5 BIG-IP WAF VS ----> Origin/Pools

    You're not seeing any traffic hits on the BIG-IP VS that has a WAF policy applied?

    Can you run sample external curl tests to the BIG-IP VS? Are you seeing traffic stats and/or connection table entries on the BIG-IP? Is the VS set up to listen on the appropriate VLANs? For tcpdump you will want to use the data plane interfaces. If this is a non-prod unit, tcpdump -i 0.0 should cover all data plane interfaces, and include the VS IP in the filter. Can you post the VS config?
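
Added example, not part of the thread or either poster's own code: a small parser for tcpdump text output such as the tcpdump.txt file from the question, which lists which address is sending ICMP unreachable errors and whether they are filter rejects. The function names are hypothetical, and only the first sample line comes from the post; the other two are constructed.

```python
import re
from collections import Counter

# First line is the capture line quoted in the question; the other two are
# constructed here to show a non-ICMP packet and a different unreachable code.
SAMPLE = """\
[1_02]11:33:49.859081 IP 172.16.1.254 > 196.190.62.11: ICMP host 172.16.1.254 unreachable - admin prohibited filter, length 68
[1_02]11:33:50.101200 IP 196.190.62.11.51544 > 172.16.1.254.443: Flags [S], seq 1, win 64240, length 0
[1_01]11:33:51.000010 IP 192.0.2.7 > 196.190.62.11: ICMP 172.16.1.254 tcp port 443 unreachable, length 68
"""

# Optional bracketed prefix (as in the quoted line), then tcpdump's default
# text layout for an ICMP unreachable error.
ICMP_UNREACH = re.compile(
    r"^(?:\[[^\]]*\])?(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+) > (?P<dst>\d+\.\d+\.\d+\.\d+): "
    r"ICMP (?P<msg>.*unreachable.*?), length \d+$"
)

def parse_unreachables(text):
    """Return one dict per ICMP unreachable line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = ICMP_UNREACH.match(line.strip())
        if not m:
            continue
        msg = m["msg"]
        events.append({
            "time": m["ts"],
            "reporter": m["src"],   # source address of the ICMP error
            "notified": m["dst"],   # host the error was sent back to
            "reason": msg,
            "filtered": "admin prohibited" in msg,  # ICMP type 3, code 13
        })
    return events

def summarize(text):
    """Count unreachables per (reporter, is_filter_reject) pair."""
    return Counter((e["reporter"], e["filtered"]) for e in parse_unreachables(text))

if __name__ == "__main__":
    for (reporter, filtered), count in summarize(SAMPLE).items():
        kind = "admin-prohibited reject" if filtered else "other unreachable"
        print(f"{reporter}: {count} x {kind}")
```

Running the same summary over a firewall-side capture and a BIG-IP `tcpdump -i 0.0` capture shows on which side the rejects appear.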