This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
P_M
Participant
‎2020-12-07 01:07 AM
Jump to solution

Proxy ARP for Manual NAT – (local.arp file) rewritten after restart

Hello,

We are running R80.30 in a clustered environment, and have Proxy ARP for Manual NAT – (local.arp file) in place.

I have noticed recently noticed that the local.arp file is written over with other information after every restart of one of the Firewall. The other Firewall is not affected.

I know that a former colleague that has since moved onto another employer had been testing setting up  Logical server, and had been experimenting with Proxy Arp for manual NAT (local.arp file).

Does anyone have a clue on where this setting is that rewrites the local.arp file on restart of the Firewall?

Thank you in advance.

 

Regards

P_M

0 Kudos
1 Solution

Accepted Solutions
Axel_Engeland
Participant
Participant
‎2020-12-07 02:29 AM
In response to P_M
Jump to solution

Hello P_M,

I'd recommend setting up proxy arp according to sk30197 on both nodes so local.arp is rewritten at boot, but with correct content. If I have the option to configure something in clish instead of some config file I always prefer clish.

Alternatively, you can write your local.arp manually and protect it from being overwritten by using "chattr +i $FWDIR/conf/local.arp", but this is neither recommended nor supported, I guess.

View solution in original post

5 Replies
Axel_Engeland
Participant
Participant
‎2020-12-07 01:55 AM
Jump to solution

$FWDIR/conf/local.arp is always rewritten on boot or configuration change by confd (except on VSX virtual systems >0). It should say so in the first three lines of the file ("# This file was AUTOMATICALLY GENERATED"...). Here are the things I would do:

  • Compare the content of local.arp with the clish configuration ("show arp proxy all")
  • Make sure the local.arp on both gateways do not have the immutable flag (lsattr $FWDIR/conf/local.arp should not show the "i" flag)
  • Check for custom boot configurations in /etc/rc.d/rc.local or /etc/rc.d/rc.local.user)
0 Kudos
P_M
Participant
‎2020-12-07 02:17 AM
In response to Axel_Engeland
Jump to solution

Hello Axel,

 

Thank you for your response.

 

When I run ("show arp proxy all") then I see that is the content from the output, that is written over to local.arp during restarts.

How can I now fix this issue?

 

Regards

P_M

0 Kudos
P_M
Participant
‎2020-12-07 02:19 AM
In response to P_M
Jump to solution

Forgot to mention, that is only on one of the cluster members that local.arp is written over during restart.

 

Regards 

P_M

0 Kudos
Axel_Engeland
Participant
Participant
‎2020-12-07 02:29 AM
In response to P_M
Jump to solution

Hello P_M,

I'd recommend setting up proxy arp according to sk30197 on both nodes so local.arp is rewritten at boot, but with correct content. If I have the option to configure something in clish instead of some config file I always prefer clish.

Alternatively, you can write your local.arp manually and protect it from being overwritten by using "chattr +i $FWDIR/conf/local.arp", but this is neither recommended nor supported, I guess.

P_M
Participant
‎2020-12-09 11:32 AM
In response to Axel_Engeland
Jump to solution

Hello Axel,

 

Thank you for your response and help!

I removed the Proxy Arp entry and this solved the problem with the local.arp being written over.

Cheers!

P-M

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events