uOS - Device HA - Gratuitous ARP Enhancement
Zyxel Employee
Device HA - Gratuitous ARP (GARP) Enhancement
Device High Availability (HA) functionality has been enhanced to improve traffic routing during failover events. In a standard Device HA setup, firewalls use a virtual MAC address to ensure consistency between the primary and secondary units.
Support for NAT and Virtual IPs
In version 1.37, the firewall now sends Gratuitous ARP (GARP) messages for NAT external IP addresses and virtual servers. Previously, these virtual addresses did not send GARP messages, which could lead to inbound traffic being sent to the old physical MAC address of the failed unit.
In version 1.36, the IP address configured in NAT rule, e.g, 10.0.111.101 and 10.0.111.102 do not send GARP when Device HA failover occurs.
Key Specifications
- Traffic Redirection: By sending GARP for NAT IPs, the uplink router's ARP table is updated to associate the NAT IP with the new active firewall's virtual MAC address immediately after a failover.
- Limits: The NAT IP pool used for these GARP messages cannot exceed 255 addresses.
This enhancement ensures that inbound services remain reachable without manual intervention or extended downtime during a failover.
Categories
- All Categories
- 442 Beta Program
- 2.9K Nebula
- 219 Nebula Ideas
- 127 Nebula Status and Incidents
- 6.5K Security
- 602 USG FLEX H Series
- 344 Security Ideas
- 1.7K Switch
- 84 Switch Ideas
- 1.4K Wireless
- 52 Wireless Ideas
- 7K Consumer Product
- 298 Service & License
- 481 News and Release
- 92 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.8K FAQ
- 34 Documents
- 87 About Community
- 105 Security Highlight