Unable to reach VIPs IP

Question

Hi all, we have a new setup with F5 LTM Virtual Edition with Palo Alto firewall. In this new setup, all VLAN gateway terminates on the firewall. This is slightly different from our other environment which also have F5.&nbsp;
We can't seem to get to ping any of the VIPs IP that have been publish and a trace route shows that after the source VLAN gateway, the packets get lost. &nbsp;
On the F5 LTM VE, we have configure the external default gateway same as the Self IP gateway. The F5 itself is able to ping the Self IP gateway. &nbsp;
One of my colleague mention maybe the firewall needs a manual route to be configure. We didn't have this issue when we setup the F5 in other environment but in other environment the gateway terminates on the switch.&nbsp;

vijay_e · Answer

The F5's default GW is configured on the Palo Alto FW, right ? You would have to configure the Palo Alto FW with route pointing to the F5's floating or self IP for the network that F5 handles.&nbsp;

boneyard · Answer

as this is a firewall my first question would be, is traffic allowed in the firewall rule bases from where ever you start your trace towards the interface where the F5 virtual IP subnet exists.&nbsp;
do you see hits on the firewall rule? have you done a packet capture to determine if the traffic flows correctly through the firewall?&nbsp;

Forum Discussion

Unable to reach VIPs IP

2 Replies

Recent Discussions

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Enabling AVR and creating Profiles

Get associated pool name from VIP IP using F5-LTM

Disacard SSL::cert mode to ignore when default SSLClient profile is set to request or require

Related Content

unable to ping VIP from server with the F5 as the DGW

APM RDP Remote resource cannot be reached

Unable to access GUI

VIP-targeting-VIP solution using Standard and performance L4 VS

How to tell nginx to use a forward proxy to reach a specific destination