Interface issue - see traffic but no arp entry for gateway

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Interface issue - see traffic but no arp entry for gateway

L0 Member

We have an issue with an interface that is talking weirdly.  We have changed ports to rule out hardware, and I can work ok with a laptop in the same switchport.  The line comes from Verizon's media converter to a switch that is connected to the pair of HA firewalls and an HA pair of load balancers that use different addresses in the subnet.

 

The interface is assigned a public address from a pool of static addresses.  We can see inbound traffic in captures and we can see the interface arp the next hop, but there's no entry in the arp table and outbound traffic goes nowhere.  

 

Since the line comes from a media converter, Verizon says there's nothing to troubleshoot on their end, the switch shows the port up and normal and like I mentioned, I can plug in my laptop and get in and out without issue.  Pulling may hair out, any assistance is appreciated.

 

Jim

1 REPLY 1

Cyber Elite
Cyber Elite

Hello.

 

First, let me laugh/smirk at the comments from the telecos.  Always saying "not our problem!".

I have seen this time and again from ISPs, and I tend to engineer my own solution......

 

As VZ is not planning to help, the best/fastest suggestion I have is to create a static arp entry for the IP/mac of the gateway.

You can modify the interface on the FW, go to the Advance tab, and enter in the static arp entry.

 

Now, your FW has the mac address to be used, and you do not need to pull your hair out.

 

Definitely NOT a PANW FW issue. 

Help the community: Like helpful comments and mark solutions
  • 3079 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!