Proxy ARP on VSNext

Alex- · ‎2026-04-01

We are following the documentation to create a proxy ARP on VSNext.

However, we can't make it work. $FWDIR/conf/local.arp is created only on CTX 0 and not in the relevant CTX wheareas the gclish commands are issued in the correct virtual system.

Maybe that moving it in the correct CTX would make it work but it's not documented and we'd rather avoid a situation where some update or process could cause ARP to fail.

asg_arp --verify and g_fw ctl arp don't return anything in the VS.

The solution we have for now is to create a loopback and add it to the topolgy of the VS. The system will accept a loopback which overlaps with an existing interface. For now it solves our issue.

We have a TAC case open where for now we've been asked to reboot the gateways but the situation remains.

R82 T60 + CRL fix.

emmap · ‎2026-04-01

Are the entries in local.arp that are created in VS0 context reflecting the configuration you're putting in for the VS in gclish?

Alex- · ‎2026-04-01

Yes.

emmap · ‎2026-04-01

That sounds like a bug then. You should be able to manually copy the entries from VS0 $FWDIR/conf/local.arp to the VS $FWDIR/conf/local.arp files and install policy.

Alex- · ‎2026-04-01

Likely, or the documentation must be amended. We will follow-up with TAC, for now our customer has solutions with the loopback which effectively provide the desired functionality.

emmap · ‎2026-04-01

It worked on earlier R82 JHFs when I tested it without any manual file editing, hence I think it's a bug. Good luck with TAC.

Are you a member of CheckMates?

Proxy ARP on VSNext