Add manual ARP entries to NGFW Engines

ARP (Address Resolution Protocol) entries and neighbor discovery entries are normally managed automatically based on the routing configuration. It is not necessary to add manual ARP entries or neighbor discovery entries unless there are problems with the automatic entries, such as devices that do not respond to gratuitous ARP requests, or that impose a significant delay on such operations.

The manual ARP entries and neighbor discovery entries are generated by the engines regardless of the policy installed on the nodes.

You can configure two kinds of ARP entries:

• A Static ARP entry gives the engine a permanent reference to an IP address/MAC address pair.
• A Proxy ARP entry gives a Firewall engine a reference to an IP address/MAC address pair for which the Firewall provides proxy ARP. Proxy ARP is possible only for hosts located in networks directly connected to the Firewall.

Firewalls support both static and proxy ARP entries defined with IPv4 and IPv6 addresses. IPS engines, Layer 2 Firewalls, Master NGFW Engines, and Virtual NGFW Engines support only static ARP entries defined with IPv4 addresses.

  For more details about the product and how to configure features, click Help or press F1.