Symantec Gateway Enforcer; disabling the ARP proxy functionality

Article:TECH153927  |  Created: 2011-02-22  |  Updated: 2011-10-12  |  Article URL
Article Type
Technical Solution


The RU5 release of the Symantec Network Access Control (SNAC) 11.0 Gateway Enforcer software adds ARP proxy functionality. In certain situations it can be preferable to disable this functionality.


Specifically, the ARP proxy functionality on the Gateway Enforcer can potentially cause routing issues on a network in certain situations if the Enforcer receives traffic from router that uses a Real MAC as source MAC of Virtual Internet Protocol (VIP) packets.


In the Gateway Enforcer command line interface (CLI) type the following commands:

  • configure
  • advanced
  • arp-proxy disable

The ARP proxy functionality is enabled by default. The arp-proxy command to disable the functionality is introduced in the RU6 release of the Enforcer software.

Article URL

Terms of use for this information are found in Legal Notices