The ProxySG is responding to ARP requests on interfaces that don't have the IP address bound.
This is causing problems with load balancers to not work correctly.
Is there a way to disable this feature?
By default, the ProxySG will answer to ARP requests received on any interface as long as there is an IP address configured on the proxy that matches the request. For example assume the ProxySG has 2 interfaces configured:
Interface "0" is configured with 10.1.1.1
Interface "1" is configured with 192.168.1.1
If an ARP request for 10.1.1.1 is received on interface "1", even if the IP is for another interface, the ProxySG will answer the ARP request. This behavior might cause problems with some load-balancers.
The ProxySG has a hidden command to change this default behavior. To change this setting, please SSH or go to the serial console of the ProxySG and run the following commands
Enter configuration commands, one per line. End with CTRL-Z.
ProxySG#(config)tcp-ip arp-strict-matching enable
ARP response on matching interface only: enabled
ProxySG# (config) exit
With this option enabled, an interface will only response to ARP request for its own IP address.
To revert back to default behavior:
ProxySG#(config)tcp-ip arp-strict-matching disable
ARP response on matching interface only: disabled
This command was added in SGOS 220.127.116.11 and SGOS 18.104.22.168
This configuration is kept in the registry and retained through restart. However, since it is a hidden command, it will not appear in the Sysinfo and it will not be part of the archived configuration. In the event where the configuration is copied over to another ProxySG, the command to change the ARP response behavior will have to be manually entered.