Adding Secondary Subnets with Static ARP

Started by bflores, March 09, 2022, 03:59:25 PM

The Static ARP feature allows secondary subnets to be added on other interfaces without the addition of automatic NAT rules.

Adding a Secondary Subnet using the Static ARP Method
1. Add a 'published' static ARP entry for the gateway address that will be used for the secondary subnet, assigning it the MAC address of the firewall interface to which it will be connected.
2. Add a static route for that subnet, so that the firewall regards it as valid traffic, and knows to which interface to route that subnet's traffic.
3. Add Access Rules to allow traffic destined for that subnet to traverse the correct network interface.
4. Optional: Add a static route on upstream device(s) so that they know which gateway IP to use to reach the secondary subnet.

Consider the following network example:

To support the above configuration, first create a published static ARP entry for, the address which will serve as the gateway for the secondary subnet, and associate it with the appropriate LAN interface. From the Network > ARP page, select the Add button in the Static ARP Entries section, and add the following entry:

The entry will appear in the table.

Navigate to the Network > Routing page, and add a static route for the network, with the subnet mask on the X3 Interface.

To allow the traffic to reach the subnet, and to allow the subnet to reach the hosts on the LAN, navigate to the Firewall > Access Rules page, and add appropriate Access Rules to allow traffic to pass.
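
The following is an added example, not part of the original post and not the firewall vendor's tooling: a Python consistency check over an exported configuration that confirms steps 1 to 3 agree with each other (the published ARP entry carries the firewall interface's own MAC, a static route on the same interface covers the gateway, and allow rules exist in both directions). The dictionary layout, the function name `audit_secondary_subnet`, and every address and MAC below are constructed assumptions; only the interface name X3 comes from the post.

```python
import ipaddress

# Constructed sample configuration (hypothetical export format).
INTERFACES = {"X0": "00:00:5e:00:53:00", "X3": "00:00:5e:00:53:03"}
ARP = [{"ip": "10.50.0.1", "mac": "00:00:5E:00:53:03",
        "interface": "X3", "published": True}]
ROUTES = [{"destination": "10.50.0.0/24", "interface": "X3"}]
RULES = [
    {"action": "allow", "src": "10.10.0.0/24", "dst": "10.50.0.0/24"},
    {"action": "allow", "src": "10.50.0.0/24", "dst": "10.10.0.0/24"},
]

def _allowed(rules, field, net):
    """True if some allow rule's src/dst network contains the whole subnet."""
    return any(r["action"] == "allow"
               and net.subnet_of(ipaddress.ip_network(r[field]))
               for r in rules)

def audit_secondary_subnet(interfaces, arp_entries, routes, rules):
    """Return a list of findings; an empty list means steps 1-3 are consistent."""
    findings = []
    for arp in arp_entries:
        if not arp["published"]:
            continue  # only published entries act as a secondary gateway
        gw = ipaddress.ip_address(arp["ip"])
        iface = arp["interface"]
        # Step 1: the entry must use the MAC of the firewall interface itself;
        # any other MAC hands the gateway address to a different device.
        if interfaces.get(iface, "").lower() != arp["mac"].lower():
            findings.append(f"{gw}: MAC does not match interface {iface}")
        # Step 2: a static route on the same interface must cover the gateway.
        nets = [ipaddress.ip_network(r["destination"]) for r in routes
                if r["interface"] == iface
                and gw in ipaddress.ip_network(r["destination"])]
        if not nets:
            findings.append(f"{gw}: no static route on {iface} covers it")
            continue
        # Step 3: access rules must permit traffic to and from the subnet.
        for net in nets:
            if not _allowed(rules, "dst", net):
                findings.append(f"{net}: no allow rule to the subnet")
            if not _allowed(rules, "src", net):
                findings.append(f"{net}: no allow rule from the subnet")
    return findings

if __name__ == "__main__":
    for line in audit_secondary_subnet(INTERFACES, ARP, ROUTES, RULES) or ["OK"]:
        print(line)
```
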