gmanea
Staff
Article Id 193973
Description
This article describes how a FortiGate behaves when it receives a Gratuitous ARP (GARP).

Solution
When the FortiGate is in NAT mode, the behavior differs according to the state of the ARP entry.

1) A corresponding ARP entry exists in the table:
In this case the FortiGate will update the entry with the new MAC address announced by the gratuitous ARP.
FG1K2D-2 # get sys arp
Address          Age(min)   Hardware Addr     Interface
10.115.1.15      1          00:00:5e:00:01:7e port17
172.31.19.254    0          00:09:0f:09:32:12 mgmt1

FG1K2D-2 # diag sniffer packet port17 '' 4 a
interfaces=[port17]
filters=[]
12.506147 port17 -- arp reply 10.115.1.15 is-at 0:0:5e:0:1:7a
23.647347 port17 -- arp reply 10.115.1.15 is-at 0:0:5e:0:1:7a

FG1K2D-2 # get sys arp
Address          Age(min)   Hardware Addr     Interface
10.115.1.15      1          00:00:5e:00:01:7a port17
172.31.19.254    0          00:09:0f:09:32:12 mgmt1

2) The FortiGate receives a Gratuitous ARP that does not correspond to any entry in the ARP table:
The FortiGate will ignore such GARP packets and will not populate the ARP table.

3) The FortiGate sends an ARP request and within the next 5 minutes receives a GARP that corresponds to the requested IP:
This GARP packet will be taken into account. The FortiGate does not distinguish between a directed ARP reply and a GARP.
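
The three cases above can be replayed offline to flag ARP entries whose MAC address was overwritten by an unsolicited reply. The following is an added example, not Fortinet code: it parses the `get sys arp` and sniffer output shown in case 1 and applies the article's rules. The function names and the `pending` parameter (IPs with an ARP request sent in the last 5 minutes) are assumptions made for illustration.

```python
import re

# Sample input: the CLI output shown in case 1 of this article.
ARP_BEFORE = """\
Address          Age(min)   Hardware Addr     Interface
10.115.1.15      1          00:00:5e:00:01:7e port17
172.31.19.254    0          00:09:0f:09:32:12 mgmt1
"""
SNIFFER = """\
12.506147 port17 -- arp reply 10.115.1.15 is-at 0:0:5e:0:1:7a
23.647347 port17 -- arp reply 10.115.1.15 is-at 0:0:5e:0:1:7a
"""
ROW = re.compile(r"^(\d+\.\d+\.\d+\.\d+)\s+\d+\s+([0-9a-fA-F:]{17})\s+(\S+)\s*$")
REPLY = re.compile(r"^\S+\s+(\S+)\s+--\s+arp reply\s+(\S+)\s+is-at\s+([0-9a-fA-F:]+)")

def norm_mac(mac):
    """Pad each octet: the sniffer prints 0:0:5e:0:1:7a, the table 00:00:5e:00:01:7a."""
    return ":".join(part.zfill(2) for part in mac.lower().split(":"))

def parse_arp_table(text):
    """Return {ip: (mac, interface)} parsed from 'get sys arp' output."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            table[m.group(1)] = (norm_mac(m.group(2)), m.group(3))
    return table

def classify_replies(table, sniffer_text, pending=()):
    """Apply the three cases to each sniffed reply; return (events, resulting table)."""
    table = dict(table)  # work on a copy, leave the caller's snapshot intact
    events = []
    for line in sniffer_text.splitlines():
        m = REPLY.match(line.strip())
        if not m:
            continue
        iface, ip, mac = m.group(1), m.group(2), norm_mac(m.group(3))
        if ip in table:                      # case 1: existing entry is updated
            old = table[ip][0]
            verdict = "unchanged" if old == mac else "mac-changed"
            table[ip] = (mac, iface)
        elif ip in pending:                  # case 3: request outstanding, reply accepted
            old, verdict = None, "learned"
            table[ip] = (mac, iface)
        else:                                # case 2: no entry, GARP ignored
            old, verdict = None, "ignored"
        events.append((ip, old, mac, verdict))
    return events, table
```

A `mac-changed` event for a gateway or server address that was not preceded by a planned failover is worth investigating, since case 1 means the FortiGate accepts the new MAC without further validation.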
