Add manual ARP entries to NGFW Engines

You can add manual ARP entries for IPv4 and neighbor discover entries for IPv6 in the Engine Editor.

ARP (Address Resolution Protocol) entries and neighbor discovery entries are normally managed automatically based on the routing configuration. It is not necessary to add manual ARP entries or neighbor discovery entries unless there are problems with the automatic entries, such as devices that do not respond to gratuitous ARP requests, or that impose a significant delay on such operations. The manual ARP entries and neighbor discovery entries are generated by the NGFW Engine regardless of the installed policy.

Firewalls support both static and proxy ARP entries defined with IPv4 and IPv6 addresses. IPS engines, Layer 2 Firewalls, Master NGFW Engines, and Virtual NGFW Engines support only static ARP entries defined with IPv4 addresses.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Right-click an NGFW Engine, then select Edit <element type>.
  2. Browse to Interfaces > ARP Entries.
  3. Click Add ARP Entry.
  4. Configure the settings.
  5. Click Save and Refresh to transfer the configuration to the NGFW engine.

Engine Editor > Interfaces > ARP Entries

Use this branch to manually add ARP entries for IPv4 or neighbor discover entries for IPv6.

Option Definition
Type
  • Static — The ARP entry gives the NGFW Engine a permanent reference to an IP address/MAC address pair.
  • Proxy — The ARP entry gives the NGFW Engine a reference to an IP address/MAC address pair for which the NGFW Engine provides proxy ARP. Proxy ARP is possible only for hosts located in networks directly connected to the NGFW Engine.
Interface ID The interface on which you want to apply this ARP entry
IP Addresses Enter an IPv4 or IPv6 address.
MAC Address Enter a MAC Address.
Add ARP Entry Adds an ARP entry.
Remove ARP Entry Removes the selected ARP entry.