Properties

ARPMatchEnetSender

The Ethernet Sender address matching the hardware address in the ARP data. (Default: DropLog)

ARPQueryNoSenderIP

If the IP source address of an ARP query (NOT response!) is 0.0.0.0 (null). (Default: DropLog)

ARPSenderIP

The IP Source address in ARP packets. (Default: Validate)

UnsolicitedARPReplies

Unsolicited ARP Replies. (Default: DropLog)

ARPRequests

Should ARP requests automatically be added to the ARP table?. (Default: Drop)

ARPChanges

ARP packets that would cause an entry to be changed. (Default: AcceptLog)

StaticARPChanges

ARP packets that would cause static entries to be changed. (Default: DropLog)

ARPMulticast

ARP packets claiming to be multicast addresses; may need to be enabled for some load balancers / redundancy solutions. (Default: DropLog)

ARPBroadcast

ARP packets claiming to be broadcast addresses; should never need to be enabled. (Default: DropLog)

ARPExpire

Lifetime of an ARP entry in seconds. (Default: 900)

ARPOptimistTime

Time (in seconds) before a flow, whose associated ARP entry has expired, should consider 'forward progress' to have been lost and begin a new ARP resolve operation. (Default: 60)

ARPMaxQueries

Maximum ARP queries to send (one per second) before giving up address resolution. (Default: 10)

ARPMaxProbes

Maximum ARP probes to send (one per second) before giving up a resolved ARP entry that has timed out. (Default: 4)

ARPExpireUnknown

Lifetime of an unknown ARP entry in seconds. (Default: 3)

ARPCacheSize

Number of ARP entries in cache, total. (Default: 4096)

ARPIPConflict

Behavior when receiving an ARP request with a sender IP conflicting with the one used on the receive interface. (Default: Notify)

LogARPOutOfEntries

Whether to log when there are not enough free ARP entries in the firewall to perform IP address resolution (this will cause old entries to be recycled). (Default: Yes)

LogARPResolveFailure

Log when address resolution fail. (Default: Yes)