Hello,
We are running R80.30 in a clustered environment, and have Proxy ARP for Manual NAT – (local.arp file) in place.
I have recently noticed that the local.arp file is written over with other information after every restart of one of the Firewalls. The other Firewall is not affected.
I know that a former colleague who has since moved on to another employer had been testing setting up a Logical server, and had been experimenting with Proxy ARP for manual NAT (local.arp file).
Does anyone have a clue on where this setting is that rewrites the local.arp file on restart of the Firewall?
Thank you in advance.
Regards
P_M
$FWDIR/conf/local.arp is always rewritten on boot or configuration change by confd (except on VSX virtual systems >0). It should say so in the first three lines of the file ("# This file was AUTOMATICALLY GENERATED"...). Here are the things I would do:
Hello Axel,
Thank you for your response.
When I run "show arp proxy all", I see that the content of the output is what is written over to local.arp during restarts.
How can I now fix this issue?
Regards
P_M
Forgot to mention that it is only on one of the cluster members that local.arp is written over during restart.
Regards
P_M
Hello P_M,
I'd recommend setting up proxy arp according to sk30197 on both nodes so local.arp is rewritten at boot, but with correct content. If I have the option to configure something in clish instead of some config file, I always prefer clish.
Alternatively, you can write your local.arp manually and protect it from being overwritten by using "chattr +i $FWDIR/conf/local.arp", but this is neither recommended nor supported, I guess.
Hello Axel,
Thank you for your response and help!
I removed the Proxy Arp entry and this solved the problem with the local.arp being written over.
Cheers!
P-M