ZyWALL not sending gratuitous ARP on WAN for NAT addresses after failover
We have two ZyWALL 1100 with HA Pro in the datacenter. From the provider, we get two uplinks. We publish the servers over 1:1 NAT.
Gateway (ISP): 18.104.22.168/24
WAN IP (ZyWALL): 22.214.171.124/24
NAT IP: 126.96.36.199/24, 188.8.131.52/24, 184.108.40.206/24 and so on
The NAT IPs are only used on NAT rules and not configured as secondary IPs on WAN interface.
The problem is that on failover the secondary firewall does not send out GARP packets for the NAT IPs. Therefore the switch of the ISP does not know that it has to send packets to the port of the secondary firewall. This means that the servers are not reachable from the Internet until they initiate a connection on their own.
Is this a known problem? Is there a workaround? Should we configure the NAT IPs as IP Aliases of WAN?
Thank you for your help!
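One way to confirm the symptom described above from frames captured on the WAN segment during a failover, as an added example that is not part of the original post: it parses ARP frames, keeps the gratuitous ones sent by the newly active unit, and lists the expected addresses that were never announced. All addresses, MACs and frames are constructed, and the function names are hypothetical.

```python
import socket
import struct

ARP_ETHERTYPE = 0x0806

def build_arp(sender_mac, sender_ip, target_ip, op=1):
    """Build a broadcast Ethernet/ARP frame; used here only to construct sample input."""
    mac = bytes.fromhex(sender_mac.replace(":", ""))
    eth = b"\xff" * 6 + mac + struct.pack("!H", ARP_ETHERTYPE)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    arp += mac + socket.inet_aton(sender_ip) + b"\x00" * 6 + socket.inet_aton(target_ip)
    return eth + arp

def parse_garp(frame):
    """Return (ip, mac) if the frame is a gratuitous ARP for IPv4, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ARP_ETHERTYPE:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or op not in (1, 2):
        return None
    sha, spa, tpa = frame[22:28], frame[28:32], frame[38:42]
    if spa != tpa:  # a gratuitous ARP announces the sender's own address
        return None
    return socket.inet_ntoa(spa), ":".join(f"{b:02x}" for b in sha)

def missing_announcements(frames, expected_ips, active_mac):
    """Expected IPs that the newly active unit never announced with its own MAC."""
    announced = set()
    for frame in frames:
        hit = parse_garp(frame)
        if hit and hit[1] == active_mac.lower():
            announced.add(hit[0])
    return sorted(set(expected_ips) - announced)

# Constructed sample (documentation addresses, locally administered MACs).
PRIMARY_MAC, SECONDARY_MAC = "02:00:00:00:00:01", "02:00:00:00:00:02"
WAN_IP, NAT_IPS = "203.0.113.10", ["203.0.113.21", "203.0.113.22"]
CAPTURE = [
    build_arp(PRIMARY_MAC, NAT_IPS[0], NAT_IPS[0]),     # stale, from the old active unit
    build_arp(SECONDARY_MAC, WAN_IP, WAN_IP),           # GARP for the interface IP
    build_arp(SECONDARY_MAC, WAN_IP, "203.0.113.1"),    # ordinary request for the gateway
    build_arp(SECONDARY_MAC, WAN_IP, WAN_IP)[:30],      # truncated frame, ignored
]

if __name__ == "__main__":
    print(missing_announcements(CAPTURE, [WAN_IP] + NAT_IPS, SECONDARY_MAC))
```

On this constructed capture the interface IP is announced by the secondary unit while both NAT addresses are reported as missing, which matches the behaviour described in the post.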