A customer has a network that looks like the attached diagram.
Their Sidewinder firewalls are set up in active-active mode for load-balancing and redundancy. On the Inside router's config, I noticed this line:
arp 10.52.0.4 00XX.b3XX.bcXX ARPA
Where 10.52.0.4 is the Virtual IP of the firewall cluster, and 00XX.b3XX.bcXX is the MAC address of the firewalls virtual adapter.
Can anyone tell me why that command is there, how does it help, or what does it do?
Perhaps they had an issue where the Sidewinder FWs weren't advertising the MAC addresses correctly or it wasn't populating in the router's arp table.
This process is done dynamically and seldom is done statically in routers.
I've seen it more often implemented in switches for security purposes but it doesn't scale very well for large amount of host devices.