Proxy ARP is a technique in which a router answers ARP requests on behalf of hosts on another network segment. Proxy ARP can help hosts on a subnet reach remote subnets without the need for additional configuration. An administrator can set up a Transparent Subnet Gateway so that two physical segments with the same IP address range, connected to the same router, can communicate via ARP with each other.
Applies to the following Sophos products and versions: Sophos Firewall
The network diagram below shows the deployment for this example. The Sophos Firewall is between the upstream router on the WAN Zone and the Mail and Web server, placed in the DMZ. The Mail and Web server both share the same public IP as the router.
Throughout the article, we will use the network parameters as shown in the diagram below.
Click Save and the interface Port3 will be updated successfully.
set proxy-arp add interface Port2 dst_ip 22.214.171.124
set proxy-arp add interface Port2 dst_ip 126.96.36.199
set proxy-arp add interface Port3 dst_ip 188.8.131.52
Go to Configure > Routing > Static Routing, click Add in the IPv4 Unicast Route section to add a new static route. Fill out the details as shown below.
Click Save and the unicast route is added.
Create similar unicast routes for the other two servers using the steps above.
For example, we have created the LAN to DMZ rule to allow access from the internal network to the Mail and Web server.
Go to Firewall and click +Add Firewall Rule to add a firewall rule as shown in the image below.
Click Save and the Firewall Rule is created.
Create the other firewall rules to complete the configuration and allow traffic to flow as desired.
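To confirm that the firewall is actually the device answering ARP for each proxied address, the neighbour tables on both sides can be checked against the proxy-arp commands above. The following is an added example, not part of the original article or Sophos tooling: it assumes Linux hosts attached to Port2 and Port3 whose `ip neigh show` output is available, and the MAC addresses and neighbour lines in it are constructed sample values.

```python
import re

# Commands exactly as given in this article.
PROXY_ARP_CONFIG = """\
set proxy-arp add interface Port2 dst_ip 22.214.171.124
set proxy-arp add interface Port2 dst_ip 126.96.36.199
set proxy-arp add interface Port3 dst_ip 188.8.131.52
"""

# Constructed values (assumptions): firewall port MACs and `ip neigh show`
# output captured on a Linux neighbour attached to each firewall port.
FIREWALL_MACS = {"Port2": "02:00:00:00:00:02", "Port3": "02:00:00:00:00:03"}
NEIGH_SEEN_ON = {
    "Port2": "22.214.171.124 dev eth0 lladdr 02:00:00:00:00:02 REACHABLE\n"
             "126.96.36.199 dev eth0 lladdr 02:00:00:00:00:99 STALE\n",
    "Port3": "188.8.131.52 dev eth0 lladdr 02:00:00:00:00:03 REACHABLE\n",
}

CMD_RE = re.compile(
    r"^\s*set proxy-arp add interface (\S+) dst_ip (\S+)\s*$", re.M)
NEIGH_RE = re.compile(r"^(\S+) dev \S+ lladdr ([0-9a-fA-F:]{17})\b", re.M)


def parse_config(text):
    """Return [(interface, ip), ...] from the proxy-arp add commands."""
    return CMD_RE.findall(text)


def parse_neigh(text):
    """Return {ip: mac} for neighbour entries that have a resolved MAC."""
    return {ip: mac.lower() for ip, mac in NEIGH_RE.findall(text)}


def audit(config, firewall_macs, neigh_by_port):
    """Map each proxied IP to 'ok', 'missing' or 'wrong-mac:<mac>'."""
    result = {}
    for port, ip in parse_config(config):
        seen = parse_neigh(neigh_by_port.get(port, "")).get(ip)
        if seen is None:
            result[ip] = "missing"        # no ARP reply seen on that segment
        elif seen == firewall_macs[port].lower():
            result[ip] = "ok"             # the firewall answered for this IP
        else:
            result[ip] = f"wrong-mac:{seen}"  # another device answered
    return result


if __name__ == "__main__":
    print(audit(PROXY_ARP_CONFIG, FIREWALL_MACS, NEIGH_SEEN_ON))
```

A `wrong-mac` result means some device other than the firewall port is answering ARP for a proxied address, which should be investigated before relying on the firewall rules for that traffic.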