HP VPN Firewall Appliances Attack Protection Configuration Guide
61
Table 13 Configuration items
Item Descri
p
tion
Interface
Select the interface to be configured to perform ARP automatic scanning.
Start IP Address
Specify the start and end IP addresses of the IP address range for ARP automatic
scanning.
To reduce the scanning time, you can specify the IP address range for scanning if
you know the IP address range assigned to the neighbors in a LAN. The specified
start and end IP addresses must be in the same network segment as the primary IP
address or manually configured secondary IP address of the interface. If the
specified address range covers multiple network segments of the interface, the
source IP address in the ARP request is the interface address on the smallest
network segment.
IMPORTANT:
• Specify the start and end IP addresses in pair. When neither is specified,
the device scans only the network segment of the primary IP address of the
interface for neighbors. The source IP address of the sent ARP request is
the primary IP address of the interface.
• The start and end IP addresses must be in the same network segment as
the primary IP address or manually configured secondary IP address of
the interface, and the start IP address must be lower than or equal to the
end IP address.
End IP address
Also scan IP addresses of
dynamic ARP entries
Set whether to scan the IP addresses of the existing dynamic ARP entries.
Configuring fixed ARP
Configuration procedure
1. From the navigation tree, select Firewall > ARP Anti-Attack > Fix.
The fixed ARP page appears. The page lists all static ARP entries, including manually configured
ones and fixed ones, and all dynamic ARP entries.
Figure 49 Fixed ARP page
2. Click Fix All to convert all dynamic ARP entries to static ones.
3. Click Del All Fixed to delete all static ARP entries.