Question
Wednesday, November 9, 2016 7:38 AM
Hello,
I have faced a strange problem in my network.
I have a firewall which has 2 interfaces (a public interface and a LAN interface).
I have set the IP address of the LAN interface as the default gateway on client systems.
Some systems occasionally can't access the internet, and after hours of checking, I found that in these clients' ARP table (shown with arp -a),
the IP address of the firewall's LAN interface is shown with a wrong MAC address (the MAC address of the public interface of that firewall)!
After we disconnect and reconnect the network cable on these clients, or after disabling and enabling the client NIC, the correct MAC address is shown in the ARP table.
Any help, please?
(Additional info: the firewall is Kerio Control version 9, installed in a VMware ESXi virtual machine.)
(All settings are done perfectly and there is no false setting in ESXi or Kerio.)
All replies (9)
Friday, November 11, 2016 3:04 AM ✅ Answered
Hi John,
>>the false MAC address which is shown in clients' systems, is exactly the MAC address of Kerio's public interface.
Please try to move the firewall, configure the client default gateway to be a router or switch, and try to connect to the internet. If it works, the issue could be caused by the firewall, and you could contact the firewall provider to get effective support.
Best Regards
John
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Thursday, November 10, 2016 9:51 AM
Hi John,
>>i have set the ip address of LAN interface as default gateway on client systems. some systems occasionally can't access internet & after hours of checking
When a client is configured with a default gateway, it will send an ARP query to the LAN by broadcast, and it could accept an incorrect MAC address.
You could run ARP -d to clear the ARP cache on the client, or you could configure a static ARP table to fix it.
Here is information about ARP for your reference:
Arp
https://technet.microsoft.com/en-us/library/cc940107.aspx
Best Regards
John
Thursday, November 10, 2016 2:31 PM
Thanks for the reply, but I am familiar with ARP, its concepts and its command-line parameters.
My question was how this happens and how to solve this problem fundamentally.
It is obvious that by creating static entries in the client's MAC address we can manually teach the correct MAC address for the LAN interface, but I need to know why such a strange problem happened.
The false MAC address which is shown on the clients' systems is exactly the MAC address of Kerio's public interface.
(It seems that when the ARP query reaches the Kerio firewall, it passes through it, reaches the public interface, and that interface announces its MAC address. Very odd!)
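The symptom described in this thread (the gateway IP resolving to a MAC other than the firewall's LAN interface) can be checked automatically. The following is an added example, not part of the original posts: it parses English-locale Windows `arp -a` output and reports gateway entries whose MAC differs from the expected one. All addresses and the sample output are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of Windows `arp -a` output (all addresses are made up).
SAMPLE_ARP_A = """\

Interface: 192.168.1.25 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-0c-29-aa-bb-02     dynamic
  192.168.1.40          00-0c-29-11-22-33     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static

Interface: 10.10.0.5 --- 0x11
  Internet Address      Physical Address      Type
  10.10.0.1             00-0c-29-44-55-66     dynamic
"""

IFACE_RE = re.compile(r"^Interface:\s+(\d+(?:\.\d+){3})\s+---")
ENTRY_RE = re.compile(
    r"^\s*(\d+(?:\.\d+){3})\s+([0-9a-fA-F]{2}(?:-[0-9a-fA-F]{2}){5})\s+(\w+)\s*$")

def normalize_mac(mac):
    """Lower-case, dash-separated form so 00:0C:29.. and 00-0c-29.. compare equal."""
    return mac.strip().lower().replace(":", "-")

def parse_arp_a(text):
    """Return a list of (interface_ip, ip, mac, type) tuples from `arp -a` output."""
    entries, iface = [], None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            iface = m.group(1)  # entries that follow belong to this local interface
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((iface, m.group(1), normalize_mac(m.group(2)), m.group(3)))
    return entries

def check_gateway(text, gateway_ip, expected_mac):
    """Return one finding per gateway entry whose MAC is not the expected one."""
    expected = normalize_mac(expected_mac)
    return [{"interface": iface, "ip": ip, "seen": mac,
             "expected": expected, "type": kind}
            for iface, ip, mac, kind in parse_arp_a(text)
            if ip == gateway_ip and mac != expected]

if __name__ == "__main__":
    # Expected MAC of the firewall's LAN interface (constructed value).
    for finding in check_gateway(SAMPLE_ARP_A, "192.168.1.1", "00:0C:29:AA:BB:01"):
        print("MISMATCH", finding)
```

Run on a schedule against live `arp -a` output, a check like this records when the wrong MAC appears, which helps correlate the flip with events on the firewall or hypervisor.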
Friday, November 11, 2016 3:42 PM
The Kerio firewall is simply deployed as a virtual machine in VMware ESXi, and I have connected each interface to a separate port on the physical NIC of the server (the server's physical NIC has 2 ports). I also installed a new physical NIC in the server and connected to the ports on it, but still have the same problem.
Good idea, thanks. I'll try to place another router or firewall instead of Kerio Control to check whether the same problem arises or not.
Monday, November 14, 2016 5:44 AM
Hi John,
>> i'll try to place another router or firewall instead of kerio control to check whether the same problem arises or not.
If there are any updates, I would appreciate it if you could post the solution here or post further information for further troubleshooting. This will benefit all people accessing this forum.
Best Regards
John
Monday, November 14, 2016 11:12 AM
OK. I removed Kerio Control and instead placed a Windows Server 2012 R2 virtual machine with 2 NICs on the same ESXi server, installed the RRAS role on it, and configured RRAS as a NAT server.
Now the problem is solved. I wonder why Kerio Control behaved so strangely.
I have used Kerio Control in many projects and hadn't seen such an odd problem before.
Thanks for inquiring.
(Sorry if my English is not fluent and perhaps I have not used the most correct words in my statements.) ;-)
Tuesday, November 15, 2016 2:50 AM | 1 vote
Hi John,
>>i have use Kerio control in many projects and hadn't seen such odd problem before.
For this issue, I suggest that you contact the firewall provider for effective support.
Best Regards
John
Wednesday, November 16, 2016 7:43 AM
Sure. Thanks for the guidance.
Wednesday, June 6, 2018 7:22 PM
Hi John!
It's been a while since your post, but I'm having the exact same problem, with almost the same infrastructure. Did you ever find a solution? I want to keep using Kerio Control...
Thanks,
Diego.