Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 9 replies
  • Answers 1 answer
  • Subscribers 27 subscribers
  • Views 1448 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ARP Proxy Vs Static Routes

Manish Chawda

Hi,

I have VLAN and for that I have configured Static Routes. Is that I can configure ARP Proxy instead of Static Routes.

Manish



This thread was automatically locked due to age.
Parents
  • FormerMember
    0 FormerMember

    Hey Manish,

    With VLANs, It's recommended to use Static routes or create VLAN interfaces on the XG (only when you're not doing InterVLAN routing on the switch). Using ProxyARP for this scenario can make things complex from the configuration and troubleshooting standpoint.

    Proxy ARP is ideally used in scenarios where Multiple IPs are given by the ISP and instead of configuring all the IPs on XG's interface, you want to configure those Public IP directly on the LAN Machine (Servers usually) along with ISP's gateway.

    This is where XG responds to the ARP from the respective interface on behalf of the LAN Machine and the ISP gateway.

    Thanks,

  • 0 in reply to FormerMember

    Thanks for the reply.

    Now say if I want to experiment with the mentioned configuration, can u guide me as to how could I do it, since it is production so I want your guidance.

    Secondly, you mentioned,  It's recommended to use Static routes or create VLAN interfaces on the XG (only when you're not doing InterVLAN routing on the switch) but in my scenario I have InterVLAN routing, so just for my Knowledge, say if I do not have InterVLAN routing then I can use Sophos VLAN feature, so then what would be its use. ?

  • FormerMember
    0 FormerMember in reply to Manish Chawda
    Manish Chawda said:
    say if I do not have InterVLAN routing then I can use Sophos VLAN feature

    If interVALN routing is handled by the switch then you don't need to create VLANs on XG as you won't be sending tagged traffic. In this scenario, You can only add static routes to all the VLANs for the switch's interface IP (Connected to XG).

    VLANs on XG is required when you make the port connecting to switch trunk and send tagged traffic to the XG. Here you create VLAN with their respective networks and XG acts as a default gateway for each VLAN. No static routes are required for this scenario.

    If your VLAN spans across different ports of XG (highly unlikely) then you can use the concept of ProxyARP. You can reference our ProxyARP configuration guide for transparent gateways and structure it with your deployment

  • 0 in reply to FormerMember

    Hi,

    Hope as far Static Routes are concerned, Hope based on the below sample configuration can you deduce that I have understood your concept.

    This is how I would have configure VLAN on XG if I want to avoid Static Routes. This is for VLAN 1 and same would be true for all the VLANs existing in my network ?

Reply
  • 0 in reply to FormerMember

    Hi,

    Hope as far Static Routes are concerned, Hope based on the below sample configuration can you deduce that I have understood your concept.

    This is how I would have configure VLAN on XG if I want to avoid Static Routes. This is for VLAN 1 and same would be true for all the VLANs existing in my network ?

Children
No Data