Tuesday, May 16, 2017

VSX and local.arp - correction and follow up

Hi, in one of my previous posts I have mentioned that with Jumbo HFA 210 and up local.arp files are purged.

The issue was reported to me by a customer, and I was not personally involved in troubleshooting it. That was my oversight, which led to some erroneous statements in the original post.

Since several Check Point developers and RND managers reached out to me to investigate the details. After thorough analysis it has been found that the information reported is not 100% accurate.

Here are the results:

1. Check Point admits that after Jumbo installation local.arp on VS0 only will be purged. This issue will be corrected with the next HFA package.

2. Any VS other than VS0 will keep local.arp intact. That also means, the original warning about installing Jumbo package 216 was incorrect. With regular precaution, such as backups and local modifications saved aside, there is no showstopper for VSX, unless you filter your production traffic on VS0.

3. The actual customer's issue occurred on a physical FW and not on VSX. Here I have to remind all that the only supported way to configure Proxy ARP settings on physical Gaya based devices is through CLISH.

More info to follow.

I thank Gera Dorfman, Yigal Alexander and Sergei Shir for their time and efforts spent to investigate the issue.

No comments:

Post a Comment