Showing results for 
Search instead for 
Did you mean: 
Post a Question

Gaia Cloning Group and Proxy ARP and VMAC


sk106592 (NAT fails on Security Gateway when using Gaia Cloning Groups)

The SK states (today) that:

  • NAT fails on Security Gateway / Cluster members when using Gaia Cloning Groups.

- Proxy ARP entries were configured via Gaia Cloning Groups.

- Cloning Groups are not appropriate for Proxy ARP entries, as these entries must present the MAC address of the physical device.

- Configuring Proxy ARP via the Cloning Group would cause the Security Gateway to respond with an incorrect MAC address to an ARP Request.


I have just added a comment to ask for a review of the SK.

1. If I understand correctly and it is the case that Proxy ARP is not supported in Gaia Cloning Groups then why is it a Shared Feature and should it not be removed if it not supported?

2. If is is somehow supported then does it support VMAC mode? 




0 Kudos
1 Reply

Re: Gaia Cloning Group and Proxy ARP and VMAC

This is not due to the VMAC not being supported, but to setup proxy ARP with a VMAC you need to use this format:

add arp proxy ipv4-address <NAT-IP> macaddress <VMAC> real-ipv4-address <Member IP>

So each member will have it's own IP address in the last field.

So in fact Proxy ARP should not be part of a cloning group, you can test it by enabling the ARP item in the cloning group and then try to add a proxy ARP, if it tells you it is a part of the cloning group, just add a space in front of the line and you will see it will accept the command.

Regards, Maarten