uOS - Device HA - Gratuitous ARP Enhancement

Zyxel_Claudia (Zyxel Employee)
edited February 3 in Other Topics

Device HA - Gratuitous ARP (GARP) Enhancement

Device High Availability (HA) functionality has been enhanced to improve traffic routing during failover events. In a standard Device HA setup, firewalls use a virtual MAC address to ensure consistency between the primary and secondary units.

Support for NAT and Virtual IPs

In version 1.37, the firewall now sends Gratuitous ARP (GARP) messages for NAT external IP addresses and virtual servers. Previously, no GARP messages were sent for these virtual addresses, which could lead to inbound traffic being sent to the old physical MAC address of the failed unit.

In version 1.36, no GARP is sent for the IP addresses configured in NAT rules (e.g., 10.0.111.101 and 10.0.111.102) when a Device HA failover occurs.

Key Specifications

  • Traffic Redirection: By sending GARP for NAT IPs, the uplink router's ARP table is updated to associate the NAT IP with the new active firewall's virtual MAC address immediately after a failover.

  • Limits: The NAT IP pool used for these GARP messages cannot exceed 255 addresses.

This enhancement ensures that inbound services remain reachable without manual intervention or extended downtime during a failover.
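
One way to confirm the behaviour described above from a packet capture taken on the uplink segment after a failover. This is an added example, not Zyxel code: it parses raw Ethernet/ARP frames, picks out gratuitous ARPs, and lists the NAT IPs that were never announced with the HA virtual MAC. The virtual MAC, the interface IP, the helper names and both sample captures are constructed for illustration; only the two NAT IPs and the 255-address limit come from the post.

```python
import struct

ARP_ETHERTYPE = 0x0806
GARP_POOL_LIMIT = 255  # limit stated in the post

def parse_garp(frame: bytes):
    """Return (ip, mac) for a gratuitous ARP (Ethernet/IPv4), else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ARP_ETHERTYPE:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or oper not in (1, 2):
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    if spa != tpa:  # a gratuitous ARP announces the sender's own IP
        return None
    return ".".join(map(str, spa)), sha.hex(":")

def missing_garp(frames, nat_ips, virtual_mac):
    """NAT IPs not announced with the HA virtual MAC in the capture."""
    if len(set(nat_ips)) > GARP_POOL_LIMIT:
        raise ValueError("NAT IP pool exceeds the 255-address GARP limit")
    announced = set()
    for frame in frames:
        hit = parse_garp(frame)
        if hit and hit[1] == virtual_mac.lower():
            announced.add(hit[0])
    return sorted(set(nat_ips) - announced)

def build_arp(src_mac, spa, tpa, oper=1):
    """Build a constructed broadcast ARP frame for the sample captures."""
    mac = bytes.fromhex(src_mac.replace(":", ""))
    to_ip = lambda s: bytes(map(int, s.split(".")))
    eth = b"\xff" * 6 + mac + struct.pack("!H", ARP_ETHERTYPE)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    return eth + arp + mac + to_ip(spa) + b"\x00" * 6 + to_ip(tpa)

VMAC = "02:00:5e:00:01:01"                  # constructed virtual MAC
NAT_IPS = ["10.0.111.101", "10.0.111.102"]  # NAT IPs from the post
IFACE_IP = "10.0.111.1"                     # constructed interface IP

# Constructed captures taken on the uplink segment right after a failover.
CAPTURE_136 = [build_arp(VMAC, IFACE_IP, IFACE_IP),
               build_arp(VMAC, IFACE_IP, "10.0.111.254")]  # ordinary request
CAPTURE_137 = CAPTURE_136 + [build_arp(VMAC, ip, ip) for ip in NAT_IPS]

if __name__ == "__main__":
    print("1.36 behaviour, missing:", missing_garp(CAPTURE_136, NAT_IPS, VMAC))
    print("1.37 behaviour, missing:", missing_garp(CAPTURE_137, NAT_IPS, VMAC))
```

A non-empty result after a failover test means the uplink router may still hold a stale ARP entry for those NAT IPs until the entry ages out.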