SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

Networking: Automatic Gratuitous ARP when HA changes

When there is changes at HA/Clustering side there should be an option to automatically send Gratuitous ARP to a configurable router (by default can be the default route for a given network).

We have a big issue since years about that, as we have a bunch of IPs registered into our active/active cluster (more than 350 IPs) when a change occures at HA side more than half of our IPs are no more accessible for hours if we don't do anything...

So when we have an alert about this we need to run this sort of script:

for f in $(ip addr list|grep x.y.56|cut -f 2 -d 't'|cut -f 2 -d ' '|cut -f 1 -d '/'); do arping -s $f -I lag1.100 x.y.57.254 -f; done

If this can't be implemented we could at least triger some script execution on the master so we can execute that sort of command when a change occures in HA

Thx

13 votes
Sign in
Check!
(thinking…)
Reset
or sign in with
  • sso
  • facebook
  • google
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    BuBU shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    1 comment

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • sso
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Alex commented  ·   ·  Flag as inappropriate

        Did you do the "disable virtual MAC trick" that was needed a few revisions ago?

        # cc get ha advanced virtual_mac

        0 is off, 1 is on

        We did turn it off when we had UTM running on VMware, but we switched over to physical, and that setting came over with the config. I ENABLED the virtual MAC, and now the takeovers work fine.

      Feedback and Knowledge Base

      icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-lightbulbCreated with Sketch.