- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Proxy ARP issues: cannot set interface, SSH differ...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Proxy ARP issues: cannot set interface, SSH different than console, documentation useless
Hi there,
Currently I'm struggling with understanding how you deal with Proxy ARP on the Fortigate. So far support has been of no help (reply=RTFM which is incomprehensible).
Usually (other vendors) you have the choice of enabling/disabling proxy ARP on an interface. Plus some minor options. That's it.
Now, the Fortigate requires me to set an IP and an interface. I believe to understand that I have to manually define each IP for proxy arp? I can live with that, but it is also unclear what the interface it asks for is supposed to be: * Is it the interface where the IP is actually located (which should be implicit from the routing table)? * Is it the interface where the IP should be presented with the MAC of the router (which should be implicit from the interface address)?
Additionally I seem to be unable to activate proxy-arp on a VLAN interface. C'mon.....
FGXXXX# config system proxy-arp
FGXXXX(proxy-arp) # edit 1
new entry '1' added
FGXXXX(1) # set interface
<string> please input string value
mgmt interface
ssl.dmgmt-vdom(SSL VPN interface) interface
FGXXXX # (1) set interface "VLANX_Y"
entry not found in datasource
value parse error before 'VLANX_Y'
Command fail. Return code -3
Best regards,
Marki
Labels:
- Labels:
-
5.2
- « Previous
-
- 1
- 2
- Next »
11 REPLIES 11
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Oh and now I have found out that when you try to set or display proxy-arp settings (config system proxy-arp) this differs when logged in from console vs. logged in via SSH (dedicated management). Great. Now I wonder if support will get back to me like always (i.e. "that's just how it works, that's hard-coded and therefore cannot change"). [>:]
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Okay..... (holy ****) It seems that when dedicated-mgmt is configured, logging in via CLI puts you automatically in dmgmt-vdom vs. the GUI which shows you the normal vdom (root, whatever). Support is confused, they don't seem to understand that we need dedicated-mgmt only so that management is out-of-band and we don't actually want to do anything inside the dmgmt-vdom. (Even the doc says it is (supposed to be) hidden!!!) They even ask to add ports to dmgmt-vdom to configure proxy-arp (the original issue). Argh, so the answer for e.g. configuring proxy-arp is to "execute enter root" (in which case all interfaces are available again for selection) and then perform normal configuration. Still, one should find out why the CLI puts you in dmgmt-vdom by default when dedicated-mgmt is enabled, which is a stupid behavior. Let me guess what the response will be: "That's by design, hard-coded, and therefore can't be changed." Anyone else having similar discussions with support? [>:]
- « Previous
-
- 1
- 2
- Next »
Related Posts
- Fortigate send UDP 8014 packets on... 49 Views
- FG 60F fails to proceed CoA... 123 Views
- FortiNAC not responding to PA connections 181 Views
- WAN DNS 126 Views
- Possible memory issues with 7.2.8 142 Views
Labels
-
FortiGate
6,566 -
FortiClient
1,308 -
5.2
801 -
5.4
639 -
FortiManager
566 -
6.0
416 -
FortiAnalyzer
415 -
5.6
362 -
FortiSwitch
336 -
FortiAP
336 -
FortiClient EMS
267 -
6.2
251 -
FortiMail
243 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
151 -
6.4
128 -
FortiNAC
108 -
FortiGuard
102 -
FortiSIEM
89 -
FortiGateCloud
87 -
FortiCloud Products
84 -
IPsec
73 -
FortiToken
71 -
Customer Service
70 -
4.0MR3
64 -
SSL-VPN
61 -
Wireless Controller
58 -
FortiProxy
45 -
FortiADC
43 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
32 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
SD-WAN
25 -
Firewall policy
24 -
FortiConnect
24 -
FortiWAN
22 -
VLAN
21 -
FortiConverter
21 -
High Availability
20 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiAuthenticator
15 -
FortiMonitor
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
SAML
12 -
BGP
12 -
FortiGate v5.0
12 -
Routing
12 -
Interface
12 -
FortiCASB
12 -
Logging
11 -
LDAP
10 -
Virtual IP
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
NAT
9 -
4.0MR2
9 -
RADIUS
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
SSL SSH inspection
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
IP address management - IPAM
7 -
4.0
7 -
Security profile
6 -
Authentication
6 -
FortiBridge
6 -
Fortigate Cloud
6 -
SSO
6 -
Traffic shaping policy
5 -
SNMP
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
Proxy policy
4 -
packet capture
4 -
WAN optimization
4 -
Web application firewall profile
4 -
Automation
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
Port policy
4 -
FortiScan
4 -
IPS signature
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
Web profile
3 -
DoS policy
3 -
Intrusion prevention
3 -
FortiDB
3 -
FortiDeceptor
2 -
FortiInsight
2 -
NAC policy
2 -
Antivirus profile
2 -
VoIP profile
2 -
Traffic shaping profile
2 -
FortiPAM
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
trunk
2 -
Fortinet Engage Partner Program
2 -
4.0MR1
1 -
TACACS
1 -
Users
1 -
Schedule
1 -
SDN connector
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Application signature
1 -
Authentication rule and scheme
1 -
Web rating
1 -
FortiManager-VM
1 -
Email filter profile
1 -
Multicast routing
1 -
Internet Service Database
1 -
Zone
1 -
Explicit proxy
1 -
Protocol option
1 -
System settings
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.