topic Proxy ARP on VSNext in Firewall and Security Management

Proxy ARP on VSNext

Alex- — Wed, 01 Apr 2026 18:25:57 GMT

We are following the documentation to create a proxy ARP on VSNext.

However, we can't make it work. $FWDIR/conf/local.arp is created only on CTX 0 and not in the relevant CTX wheareas the gclish commands are issued in the correct virtual system.

Maybe that moving it in the correct CTX would make it work but it's not documented and we'd rather avoid a situation where some update or process could cause ARP to fail.

asg_arp --verify and g_fw ctl arp don't return anything in the VS.

The solution we have for now is to create a loopback and add it to the topolgy of the VS. The system will accept a loopback which overlaps with an existing interface. For now it solves our issue.

We have a TAC case open where for now we've been asked to reboot the gateways but the situation remains.

R82 T60 + CRL fix.

Re: Proxy ARP on VSNext

emmap — Thu, 02 Apr 2026 02:09:26 GMT

Are the entries in local.arp that are created in VS0 context reflecting the configuration you're putting in for the VS in gclish?

Re: Proxy ARP on VSNext

Alex- — Thu, 02 Apr 2026 04:04:01 GMT

Yes.

Re: Proxy ARP on VSNext

emmap — Thu, 02 Apr 2026 05:23:38 GMT

That sounds like a bug then. You should be able to manually copy the entries from VS0 $FWDIR/conf/local.arp to the VS $FWDIR/conf/local.arp files and install policy.

Re: Proxy ARP on VSNext

Alex- — Thu, 02 Apr 2026 06:09:18 GMT

Likely, or the documentation must be amended. We will follow-up with TAC, for now our customer has solutions with the loopback which effectively provide the desired functionality.

Re: Proxy ARP on VSNext

emmap — Thu, 02 Apr 2026 06:18:06 GMT

It worked on earlier R82 JHFs when I tested it without any manual file editing, hence I think it's a bug. Good luck with TAC.