Hi everyone,
Came across this post:
https://live.paloaltonetworks.com/t5/general-topics/proxyarp-default-setting/td-p/194901
Wondered if it applied to AE's as well as we are having behaviour that suggests otherwise.
top of page
All things Palo Alto Networks
Forum: Forum
bottom of page
The firewall will interpret your NAT rules to determine how it should act with proxy-arp For "hide" nat (sourcenat) it will proxy arp for the ip used as source nat, which is usually just the interface ip, which it will restrict to /32 It will also look at the original destination setting (to intercept incoming session), which is typically also a /32, but if you set a larger subnet in the original destination, it will proxy arp for all of them
What are you seeing? Proxy arp is sent out of any (or all of misconfigured) when NAT is configured, if the interface is in layer3 mode (or has a layer3 vlan interface configured over a layer2 physical interface)