Symantec Gateway Enforcer; disabling the ARP proxy functionality

Article:TECH153927  |  Created: 2011-02-22  |  Updated: 2011-10-12  |  Article URL http://www.symantec.com/docs/TECH153927
Article Type
Technical Solution


Issue



The RU5 release of the Symantec Network Access Control (SNAC) 11.0 Gateway Enforcer software adds ARP proxy functionality. In certain situations it can be preferable to disable this functionality.


Error



Specifically, the ARP proxy functionality on the Gateway Enforcer can potentially cause routing issues on a network in certain situations if the Enforcer receives traffic from router that uses a Real MAC as source MAC of Virtual Internet Protocol (VIP) packets.


Solution



In the Gateway Enforcer command line interface (CLI) type the following commands:

  • configure
  • advanced
  • arp-proxy disable

The ARP proxy functionality is enabled by default. The arp-proxy command to disable the functionality is introduced in the RU6 release of the Enforcer software.




Article URL http://www.symantec.com/docs/TECH153927


Terms of use for this information are found in Legal Notices