Setting up a new configuration in Layer 2 (bridged) mode when the upstream gateway uses a VMAC as its MAC address.
During the initial configuration of a bridged (Layer 2 mode) setup, all traffic is bypassed and is not intercepted.
The sessions are being bypassed by the service listener. View the bypassed sessions under "Statistics -> Sessions -> Active -> Bypassed".
Certain firewall configurations require the use of static forwarding table entries. These firewall failover configurations use virtual IP (VIP) addresses and virtual MAC (VMAC) addresses. When a client sends an ARP request to the firewall VIP, the firewall replies with a VMAC (which can be an Ethernet multicast address); however, when the firewall sends a packet, it uses a physical MAC address, not the VMAC.
Then, ensure that the proxy is configured with the following settings:
- Set the bridge interface settings to FAIL_OPEN, so that the proxy can transparently bridge traffic in case of a failure.
- Enable reflect client IP so that the IP address of the proxy isn't used as the source IP address.
- Enable trust destination IP to reduce the number of DNS lookups the proxy performs.
- If there is no GW for Internet addresses, then pipelining must be disabled.
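As an added illustration of the VIP/VMAC behaviour described above (not part of the original article or of any vendor tooling), the following Python example checks frame headers seen on the bridge for the asymmetry: client traffic addressed to one gateway MAC while return traffic arrives from a different one. The frame tuples, addresses, client subnet and function names are all constructed for this example.

```python
import ipaddress

def is_multicast(mac):
    """True when the I/G bit (lowest bit of the first octet) is set."""
    return bool(int(mac.split(":")[0], 16) & 0x01)

def gateway_mac_asymmetry(frames, client_net):
    """Compare the MAC clients send to with the MAC return traffic comes from.

    frames: iterable of (eth_src, eth_dst, ip_src, ip_dst) header tuples.
    client_net: CIDR of the client side of the bridge (assumed known).
    """
    net = ipaddress.ip_network(client_net)
    sent_to, received_from = set(), set()
    for eth_src, eth_dst, ip_src, ip_dst in frames:
        src_local = ipaddress.ip_address(ip_src) in net
        dst_local = ipaddress.ip_address(ip_dst) in net
        if src_local and not dst_local:
            # Outbound: destination MAC is what ARP for the gateway returned.
            sent_to.add(eth_dst.lower())
        elif dst_local and not src_local:
            # Inbound: source MAC is what the gateway actually transmits with.
            received_from.add(eth_src.lower())
        # Frames with both ends local (or both remote) say nothing about the gateway.
    vmacs = sorted(sent_to - received_from)
    physical = sorted(received_from - sent_to)
    return {
        "asymmetric": bool(vmacs and physical),
        "vmac_candidates": [(m, is_multicast(m)) for m in vmacs],
        "physical_macs": physical,
    }

# Constructed sample: clients in 10.0.0.0/24 behind the bridge, gateway
# answering ARP with a multicast VMAC but transmitting from a physical MAC.
SAMPLE_FRAMES = [
    ("02:00:00:00:00:10", "01:00:5e:7f:00:01", "10.0.0.10", "203.0.113.5"),
    ("02:00:00:00:01:02", "02:00:00:00:00:10", "203.0.113.5", "10.0.0.10"),
    ("02:00:00:00:00:11", "01:00:5e:7f:00:01", "10.0.0.11", "198.51.100.7"),
    ("02:00:00:00:01:02", "02:00:00:00:00:11", "198.51.100.7", "10.0.0.11"),
    ("02:00:00:00:00:10", "02:00:00:00:00:11", "10.0.0.10", "10.0.0.11"),
]

if __name__ == "__main__":
    print(gateway_mac_asymmetry(SAMPLE_FRAMES, "10.0.0.0/24"))
```

An asymmetric result with a VMAC candidate identifies the address that never appears as a source MAC on the wire, which is why such configurations need a static forwarding table entry.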