![]() As of information of the Support of Fortinet there is no possibility or a available command which shows this entries.īy the way the same issue/situation we have for routing entries depending client2site (dial-up). All commands shown here are based on layer 2 and therefore firewall deamon layer 4 arp entries you will never see. ![]() ![]() If you look to the arp tabel you will NOT see the arp entry for the second public IP because the VIP which has enabled "arp-reply yes" is existing in layer 4 or within the firewall deamon and because of this you will not see a corresponding entry in the command shown here. If you use no a second one and you DO NOT configure the second one as secondary IP on the wan1 (not needed) but instead you configure a VIP based on the second one all works from scratch as long as the second public IP is routed to the wan1 from outsite perspective. Example: if you have one public IP on the wan1 and it is physical configured you will see the arp no problem. What has to be noted in this comunication is following:ĪRP entries on a FortiGate configured as whatever on a physical interface can be seen with the corresponding commands shown here like:ĪRP entries like VIP ones CAN NOT BE SEEN on the arp list because they are existing in the firewall deamon on layer 4.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |