[j-nsp] How to protect the firewall
piranesi
piranesi at gmail.com
Thu Feb 9 08:56:17 EST 2017
If MAC address for the cluster IP address never changes, you can define
a static MAC address on the gateway. That way, the gateway will ignore
ARP packets for that IP. It's a workaround, but it works.
But if you want a definitive solution, i'd suggest you to stick to the
standard practice: never mix test stuff and production stuff.
On 09/02/17 13:11, james list wrote:
> Hi experts,
> I've a customer which experienced a big trouble since one of the server
> system engineer in the company has assigned to a test server the same ip
> address of the firewall cluster.
>
> They do not have networking resources and got time to understand the
> issue.
>
> My question: is there a way to protect the firewall ip addressing from
> other machines in lan which could send gratuitous arp with these
> addresses ?
>
> The ip addressing is static, no dhcp assignment on the server.
>
> Any idea/help is appreciated.
>
> Cheers
> James
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list