A Fault Occurs When the Firewall Works In Transparent Mode

Publication Date: 2012-07-17

Issue Description

SW1------USG5320-----SW2----H3C router
The original network is SW---SW---H3C. The customer deploys a USG5320 firewall between the two switches. The USG5320 works in transparent mode. After that, a PC under SW1 fails to ping the intranet gateway, which is served by the H3C router. When enabling transparent mode, the customer enabled all interzone rules on the firewall and added the upstream and downstream ports to different zones.

Alarm Information


Handling Process

Run the firewall unknown-mac unicast { drop | arp | flood } command on the firewall to configure the processing method of unicast IP packets with unknown MAC addresses. 
Run the firewall unknown-mac { broadcast | multicast } { drop | flood } command to configure the processing method of broadcast and multicast IP packets with unknown MAC addresses.
After these two steps are performed, the customer still fails to ping the intranet gateway.

Root Cause

The firewall fails to obtain the MAC address of the upper-layer device. 


Run the undo firewall session link-state check command on the firewall. The problem is rectified. The cause of the problem is that the firewall discards packets because the inbound and outbound data are inconsistent.
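The following added example (not part of the original case and not Huawei's implementation) is a simplified Python model of a session link-state check. It shows why a firewall that sees only one direction of a flow drops it, and what the firewall admits once the check is turned off. The rule that only a TCP SYN or an ICMP echo request may open a session, the class and function names, and the addresses are assumptions made for the illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str  # "tcp", "icmp" or "udp"
    src: str
    dst: str
    kind: str   # tcp: "syn"/"syn-ack"/"ack"; icmp: "echo-request"/"echo-reply"; udp: "data"

# Packet kinds allowed to open a session while the check is on (model assumption).
OPENERS = {"tcp": {"syn"}, "icmp": {"echo-request"}, "udp": {"data"}}

class SessionTable:
    """Toy session table; link_state_check=False models the 'undo' command."""

    def __init__(self, link_state_check=True):
        self.link_state_check = link_state_check
        self.sessions = set()

    @staticmethod
    def _key(p):
        # Direction-independent key so a reply matches the request's session.
        return (p.proto, frozenset((p.src, p.dst)))

    def process(self, p):
        """Return 'forward' or 'drop' for one packet."""
        key = self._key(p)
        if key in self.sessions:
            return "forward"
        if self.link_state_check and p.kind not in OPENERS[p.proto]:
            return "drop"  # mid-flow packet with no session behind it
        self.sessions.add(key)
        return "forward"

PC, GW = "192.0.2.10", "192.0.2.1"  # constructed addresses

# Both directions cross the firewall.
SYMMETRIC = [Packet("icmp", PC, GW, "echo-request"),
             Packet("icmp", GW, PC, "echo-reply")]
# Only the return direction crosses the firewall (constructed scenario).
ONE_SIDED = [Packet("icmp", GW, PC, "echo-reply"),
             Packet("tcp", GW, PC, "syn-ack")]

def run(link_state_check, packets):
    fw = SessionTable(link_state_check)
    return [fw.process(p) for p in packets]

if __name__ == "__main__":
    for name, flow in (("symmetric", SYMMETRIC), ("one-sided", ONE_SIDED)):
        for check in (True, False):
            print(name, "check on " if check else "check off", run(check, flow))
```

With the check off, the model forwards replies that no request preceded, so the interzone rules become the only control on that traffic.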