Policy installation warnings about ignored Automatic Proxy ARP options

Misconfigurations can result in warnings about ignored Automatic Proxy ARP options.

When installing a Firewall policy, the “Automatic Proxy ARP option in NAT rule <rule tag> is ignored: none of the CVI interfaces are directly connected to the network in question” warning is shown when proxy ARP has been defined, but there is no matching CVI network configured in the Firewall element. Automatic proxy ARP is used in NAT to handle ARP requests to the translated IP address for hosts in networks that are directly connected to the Firewall. This warning can be due to an incorrect IP address or netmask setting, or the (not directly connected) Network in question missing from the Routing tree. It can also result from selecting the option for a NAT rule that involves an IP address for which the Firewall cannot act as an ARP proxy.

Related settings can be configured in NAT rules, in a Server Pool element, and in the Engine Editor for the Firewall element.