cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted

configure Proxy Arp on VSX cluster firewall

Jump to solution

Hi Team ,

Can someone explain me how to configure Proxy Arp for  Static NAT Public IP on R80.10 VSX Cluster firewall .My Cluster is active passive mode .I am go through SK30197 but not understand .

0 Kudos
1 Solution

Accepted Solutions
Wolfgang
Silver

Re: configure Proxy Arp on VSX cluster firewall

Jump to solution

Nilesh,

ther's another way to add a proxy arp entry to a gateway without configuring via the GAiA portal or close.

Add a host object with your external IP to your rulebase and configure automatic NAT (static). As NAT-IP use the same external IP, add the relevant gateway and do a policy install. With this host object the gateway adds an proxy arp entry to the the gateway.

proxy_arp1.PNGproxy_arp2.PNG

 

 

 

 

 

 

Wolfgang

0 Kudos
2 Replies

Re: configure Proxy Arp on VSX cluster firewall

Jump to solution
First thing you need to know is the mac address that is connected to the correct interface, you can find that by entering in expert mode (lets say you are working on VS5:
vsenv 5
cphaprob stat
ifconfig
From the last find the correct interface that belongs to the IP from the same network/subnet you want to add the proxy arp for.
Now go back to clish and enter the following commands:
set virtual-system 5
add arp proxy ipv4-address 10.10.10.20 macaddress 00:xx:xx:xx:xx:xx real-ipv4-address 10.10.10.1
Where 10.10.10.20 is the NAT IP you added and 10.10.10.1 is the IP on the interface. Once added push policy, but before you do, do not forget to check that the global NAT properties, 'merge manual proxy ARP configuration' is ticked.
Now check to see if it all works properly with:
fw ctl arp

Regards, Maarten
0 Kudos
Wolfgang
Silver

Re: configure Proxy Arp on VSX cluster firewall

Jump to solution

Nilesh,

ther's another way to add a proxy arp entry to a gateway without configuring via the GAiA portal or close.

Add a host object with your external IP to your rulebase and configure automatic NAT (static). As NAT-IP use the same external IP, add the relevant gateway and do a policy install. With this host object the gateway adds an proxy arp entry to the the gateway.

proxy_arp1.PNGproxy_arp2.PNG

 

 

 

 

 

 

Wolfgang

0 Kudos