Article Id 192294
Description
VIP created on VLAN interface of redundant interface does not reply to ARP
Components
  • All FortiGate units running FortiOS 3.0 MR4.
Steps or Commands

A FortiGate unit will not reply to ARP requests from a PC trying to access the web server when a Virtual IP is defined.

The reason is the last byte of the Virtual IP. The FortiGate unit uses the wrong address type when the last byte is greater than or equal to 224. The FortiGate unit considers the VIP to be a multicast address and will not update the iplist table.

To correct this, manually insert a proxy-arp entry for the FortiGate unit using the CLI.

config system proxy-arp
    edit 1
        set interface "inet-bs"
        set ip <ip_address>
    next
end

This issue was fixed in the MR4 Patch 3 build and is scheduled to be corrected in FortiOS v3.0 MR5.
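
To find which VIPs on an unpatched unit need the proxy-arp workaround above, the following added example (not Fortinet code) models the last-byte condition described in this article and emits the matching CLI entries. The function names, the `start_id` parameter and the sample addresses are assumptions constructed for illustration; only the `inet-bs` interface name and the CLI syntax come from the article.

```python
import ipaddress

# Constructed sample inventory: (interface, VIP external IP), documentation ranges only.
SAMPLE_VIPS = [
    ("inet-bs", "192.0.2.10"),
    ("inet-bs", "192.0.2.224"),
    ("inet-bs", "198.51.100.250"),
    ("inet-bs", "203.0.113.223"),
]

def is_real_multicast(ip):
    """True only for genuine IPv4 multicast (224.0.0.0/4, decided by the FIRST octet)."""
    return ipaddress.IPv4Address(ip).is_multicast

def hits_last_byte_bug(ip):
    """Model of the behaviour the article describes (an assumption, not FortiOS code):
    a unicast VIP whose LAST byte is >= 224 is treated as multicast."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return not addr.is_multicast and addr.packed[-1] >= 224

def affected_vips(vips):
    """Return the (interface, ip) pairs that need a manual proxy-arp entry."""
    return [(iface, ip) for iface, ip in vips if hits_last_byte_bug(ip)]

def proxy_arp_config(vips, start_id=1):
    """Build the proxy-arp workaround for every affected VIP.
    start_id (hypothetical parameter) is the first free entry ID on the unit."""
    hits = affected_vips(vips)
    if not hits:
        return ""  # nothing to configure
    lines = ["config system proxy-arp"]
    for n, (iface, ip) in enumerate(hits, start=start_id):
        lines += [
            f"    edit {n}",
            f'        set interface "{iface}"',
            f"        set ip {ip}",
            "    next",
        ]
    lines.append("end")
    return "\n".join(lines)

if __name__ == "__main__":
    print(proxy_arp_config(SAMPLE_VIPS))
```
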