Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Iron

Couln't save sysctl variables

Jump to solution

Hello!

Unfortunately i don't know right category for my question... Sorry!

I have CheckPoint 600 Appliance with R77.20.20 firmware. There is a proble like https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut..., but "To view this solution, Advanced access is required"... Pity.


I consider that this ploblem seemsed like ARP Flux, so sulution can be "sysctl -w net.ipv4.conf.all.arp_ignore=2", byt this work only before reboot... For a standard linux you should write this config to /etc/sysctl.conf for permanently save. But CheckPoint is not a standard linux, and have no /etc/sysctl.conf (if i've create it, checkpoint dont read that). 

Whot shoul i do to save "net.ipv4.conf.all.arp_ignore=2" config permanently???

 

0 Kudos
1 Solution
8 Replies
Highlighted
Admin
Admin

SecureKnowledge article you want to access is irrelevant for SMB appliances. 

 

Before going any further, what is the issue with ARPs that you are facing?

0 Kudos
Highlighted
Iron

Somtimes (not everytime) when host A from the same network as firewall want to know communicate with host B, he is sending ARP request in order to get the MAC address of host B, host B terned off that time, but firewall ansvers, that have this mac in his LAN. It won't be a problem if not IEEE 802.1X, but we have this technology, and switch considers that host B mac is on firewals port of switch, not on host B real port of switch.
We want to forbid firewall answers for ARP requests.

0 Kudos
Highlighted
Sapphire
0 Kudos
Highlighted
Iron

unfortunately, we have no "Advanced access"

0 Kudos
Highlighted
Sapphire

Then contact TAC for help - you do have valid support ?

0 Kudos
Highlighted
Iron

Ok, i successfully have resolved my problem by ```echo "sysctl -w net.ipv4.conf.all.arp_ignore=2" >> /pfrm2.0/etc/userScript```

Highlighted
Admin
Admin

good to know!

0 Kudos