Forum Discussion
k20
Jun 13, 2017Nimbostratus
Clients---FW1-----(VIP)F5----FW2----Servers Clients---FW1-----F5(VIP)----FW2----Servers
You can have either side of the F5 to be your virtual servers. Which FW is a default gateway for your F5?
If FW1 is a default gateway, you need a static route on the F5 to get to the servers with the next hop being the IP on FW2 facing the F5.
If FW2 is a default gateway, you need the traffic from the servers can get back to the clients through the F5. If your return traffic is not going through the F5 (you will face an asymmetric routing which your Checkpoint FW will drop by anti-spoofing or tcp packet out of state.