ARP Proxy Vs Static Routes

Hey Manish,

With VLANs, It's recommended to use Static routes or create VLAN interfaces on the XG (only when you're not doing InterVLAN routing on the switch). Using ProxyARP for this scenario can make things complex from the configuration and troubleshooting standpoint.

Proxy ARP is ideally used in scenarios where Multiple IPs are given by the ISP and instead of configuring all the IPs on XG's interface, you want to configure those Public IP directly on the LAN Machine (Servers usually) along with ISP's gateway.

This is where XG responds to the ARP from the respective interface on behalf of the LAN Machine and the ISP gateway.

Thanks,

Thanks for the reply.

Now say if I want to experiment with the mentioned configuration, can u guide me as to how could I do it, since it is production so I want your guidance.

Secondly, you mentioned,  It's recommended to use Static routes or create VLAN interfaces on the XG (only when you're not doing InterVLAN routing on the switch) but in my scenario I have InterVLAN routing, so just for my Knowledge, say if I do not have InterVLAN routing then I can use Sophos VLAN feature, so then what would be its use. ?

Manish Chawda said:

say if I do not have InterVLAN routing then I can use Sophos VLAN feature

If interVALN routing is handled by the switch then you don't need to create VLANs on XG as you won't be sending tagged traffic. In this scenario, You can only add static routes to all the VLANs for the switch's interface IP (Connected to XG).

VLANs on XG is required when you make the port connecting to switch trunk and send tagged traffic to the XG. Here you create VLAN with their respective networks and XG acts as a default gateway for each VLAN. No static routes are required for this scenario.

If your VLAN spans across different ports of XG (highly unlikely) then you can use the concept of ProxyARP. You can reference our ProxyARP configuration guide for transparent gateways and structure it with your deployment

Hi,

Hope as far Static Routes are concerned, Hope based on the below sample configuration can you deduce that I have understood your concept.

This is how I would have configure VLAN on XG if I want to avoid Static Routes. This is for VLAN 1 and same would be true for all the VLANs existing in my network ?

Hi,

As you mentioned earlier 

"Proxy ARP is ideally used in scenarios where Multiple IPs are given by the ISP and instead of configuring all the IPs on XG's interface, you want to configure those Public IP directly on the LAN Machine (Servers usually) along with ISP's gateway.

This is where XG responds to the ARP from the respective interface on behalf of the LAN Machine and the ISP gateway."

Can I give one of the Machine Public IP of ISP, if so what configuration needs to be done on XG for Proxy ARP or it is default configured ?

You have too many questions open about VLAN configuration on the XG and you don’t have VLANs on your XG.

ian

Unknown said:

If your VLAN spans across different ports of XG (highly unlikely) then you can use the concept of ProxyARP. You can reference our ProxyARP configuration guide for transparent gateways and structure it with your deployment

Check out: support.sophos.com/.../KB-000035927

Sorry if you find irritating but since I am confused with all the stuff that's the reason I thought to ask in community.

Sorry if you find irritating but since I am confused with all the stuff that's the reason I thought to ask in community.

Yes, but you did not ask concisely or accurately. You only need one thread not many.

ian