Setting up a new configuration in Layer 2 mode (bridged) when using a VMAC upstream for the gateway's MAC address.
Symptom: after the initial configuration of a bridged setup (Layer 2 mode), all traffic is bypassed and nothing is intercepted.
The sessions are being bypassed by the service listener. Bypassed sessions can be viewed under "Statistics -> Sessions -> Active -> Bypassed".
Certain firewall configurations require the use of static forwarding table entries. These firewall failover configurations use virtual IP (VIP) addresses and virtual MAC (VMAC) addresses. When a client sends an ARP request to the firewall VIP, the firewall replies with a VMAC (which can be an Ethernet multicast address); however, when the firewall sends a packet, it uses a physical MAC address, not the VMAC. Because the bridge learns MAC-to-interface mappings from the source MAC of frames it receives, and no frame ever arrives with the VMAC as its source, the bridge cannot learn which interface the VMAC is behind. The mapping therefore has to be added as a static forwarding table entry for the VMAC on the upstream (firewall-facing) interface of the bridge.
More information on the Forwarding Table can be found here in the Admin Guide:
Page 1461 - "Adding Static Forwarding Table Entries"
SGOS Administration Guide
https://support.symantec.com/content/unifiedweb/en_US/article.DOC10459.html
Once the static forwarding table entry is applied, check whether the traffic is being intercepted now: "Statistics -> Sessions -> Active". The sessions should now appear as intercepted rather than bypassed.
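The condition described above can be confirmed from a packet capture taken on the bridge before touching the forwarding table. The following script is an added diagnostic, not part of this article and not SGOS code: it parses raw Ethernet/ARP frames and flags an ARP reply whose sender hardware address is an Ethernet group (multicast) address or differs from the frame's Ethernet source MAC, which is exactly the VIP/VMAC behaviour that a learning bridge cannot accommodate without a static entry. The sample frames, MAC addresses and IP addresses are constructed for the example; the hypothetical VMAC 01:00:5e:00:00:fe is chosen only because its I/G bit is set.

```python
"""Detect gateway ARP replies that require a static forwarding table entry.

Added diagnostic for the VIP/VMAC symptom; not taken from the KB article or
from SGOS. Feed it raw Ethernet frames (e.g. bytes pulled from a capture on
the bridge's upstream interface) and it reports whether the replying gateway
answers with a MAC that the bridge can never learn from source addresses.
"""
import struct

ETHERTYPE_ARP = 0x0806
ARP_OPER_REPLY = 2


def mac_str(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)


def mac_bytes(text: str) -> bytes:
    return bytes(int(part, 16) for part in text.split(":"))


def is_group_mac(mac: bytes) -> bool:
    # Ethernet I/G bit: LSB of the first octet set means multicast or broadcast.
    return bool(mac[0] & 0x01)


def parse_ethernet_arp(frame: bytes):
    """Parse an Ethernet II frame carrying IPv4-over-Ethernet ARP.

    Returns the Ethernet source/destination and ARP fields, or None when the
    frame is not a well-formed IPv4 ARP packet.
    """
    if len(frame) < 14 + 28:
        return None
    eth_dst, eth_src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa = frame[22:28], frame[28:32]
    tha, tpa = frame[32:38], frame[38:42]
    return {
        "eth_dst": eth_dst, "eth_src": eth_src, "oper": oper,
        "sha": sha, "spa": ".".join(str(b) for b in spa),
        "tha": tha, "tpa": ".".join(str(b) for b in tpa),
    }


def assess_arp_reply(frame: bytes) -> dict:
    """Decide whether the replying gateway needs a static forwarding entry.

    A learning bridge maps MAC -> interface from the *source* MAC of frames it
    sees. If the ARP reply advertises a MAC that never appears as a source
    (a group address, or one differing from the Ethernet source), the VMAC
    must be pinned to the upstream interface by hand.
    """
    arp = parse_ethernet_arp(frame)
    if arp is None or arp["oper"] != ARP_OPER_REPLY:
        return {"applicable": False, "needs_static_entry": False, "reasons": []}
    reasons = []
    if is_group_mac(arp["sha"]):
        reasons.append("ARP sender hardware address is an Ethernet group (multicast) address")
    if arp["sha"] != arp["eth_src"]:
        reasons.append("ARP sender hardware address differs from the Ethernet source MAC")
    return {
        "applicable": True,
        "needs_static_entry": bool(reasons),
        "vip": arp["spa"],
        "vmac": mac_str(arp["sha"]),
        "physical_mac": mac_str(arp["eth_src"]),
        "reasons": reasons,
    }


def build_arp_reply(eth_src, eth_dst, sha, spa, tha, tpa) -> bytes:
    """Construct an Ethernet/ARP reply frame (used here only to make sample data)."""
    ip = lambda s: bytes(int(p) for p in s.split("."))
    hdr = mac_bytes(eth_dst) + mac_bytes(eth_src) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_OPER_REPLY)
    arp += mac_bytes(sha) + ip(spa) + mac_bytes(tha) + ip(tpa)
    return hdr + arp


# Constructed sample data (hypothetical addresses, not from any real deployment).
CLIENT_MAC = "00:0c:29:aa:bb:cc"
FW_PHYSICAL_MAC = "00:1c:7f:11:22:33"
FW_VMAC = "01:00:5e:00:00:fe"   # hypothetical VMAC; I/G bit set in the first octet
FW_VIP = "10.1.1.1"
CLIENT_IP = "10.1.1.50"

# Failover firewall: answers the VIP with the VMAC but transmits from its NIC's MAC.
VMAC_REPLY = build_arp_reply(FW_PHYSICAL_MAC, CLIENT_MAC, FW_VMAC, FW_VIP, CLIENT_MAC, CLIENT_IP)
# Ordinary gateway: ARP sender hardware address equals the frame's source MAC.
PLAIN_REPLY = build_arp_reply(FW_PHYSICAL_MAC, CLIENT_MAC, FW_PHYSICAL_MAC, FW_VIP, CLIENT_MAC, CLIENT_IP)


if __name__ == "__main__":
    for name, frame in (("vmac", VMAC_REPLY), ("plain", PLAIN_REPLY)):
        print(name, assess_arp_reply(frame))
```

When the result reports needs_static_entry for the VIP, the "vmac" value is the MAC to put in the static forwarding table entry and the interface is the one on which the capture saw the reply arrive; the "physical_mac" value needs no entry because the bridge learns it normally.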
--
If it is still not working after adding the forwarding table entry, make sure the following settings have been checked against the following document:
How to set up the proxy in a physically in-path deployment without an IP address on the bridge?
https://support.symantec.com/en_US/article.TECH245178.html
"Then, ensure that the proxy is configured with the following settings:"
- Set the bridge interface settings to FAIL_OPEN, so that the proxy can transparently bridge traffic in case of a failure.
- Enable reflect client IP so that the IP address of the proxy isn't used as the source IP address.
- Enable trust destination IP to reduce the number of DNS lookups the proxy performs.
- If there is no GW for Internet addresses, then pipelining must be disabled.