Question on Routing when F5 is Default Gateway

Question

I have a setup where the F5 serves as default gateway for 25 VLANs on the DMZ. The F5s default gateway is a Palo Alto 5000. The Palo has a route to 10.10.0.0/24 via 10.1.0.2 and is redistributing that route via OSPF. The F5 has a IP-forwarding virtual server configured.&nbsp;
PA (10.1.0.1/28) &lt;--VLAN 1--&gt; (10.1.0.2/28) F5 (10.10.0.1/24) &lt;--VLAN 10--&gt; Server (10.10.0.100/24)&nbsp;
Here's my conundrum:&nbsp;
Pings from the PA to 10.1.0.2: successfulPings from the PA to 10.10.0.1: unsuccessfulPings from the PA to 10.10.0.100: successfulPings from the F5 (VLAN 10) to 10.1.0.1: unsuccessfulPings from the Server to 10.1.0.1: successful
All in all, the setup works but if I try to ping or traceroute from interface VLAN 10 on the F5 to anything left of the F5, I receive "Destination Host Unreachable". &nbsp;
Any ideas?&nbsp;

stanislas_piro2 · Answer

Hi,&nbsp;
For security reasons, F5 does not allow packet to self IP from another VLAN than defined in Self.&nbsp;
As F5 does not filter self IP sources in port lockdown, filter is only done on VLAN.&nbsp;

Forum Discussion

Question on Routing when F5 is Default Gateway

1 Reply

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

Related Content

F5 BigIP External Authentication and NTP servers in non default route domain.

Health monitor question

Setting default route using VLANs

F5 Connection Mirroring question

SNI Routing with DNS Lookup