MAC Address Table

When you use bridge groups, the threat defense learns and builds a MAC address table in much the same way as a normal bridge or switch: when a device sends a packet through the bridge group, the threat defense adds the MAC address to its table. The table associates the MAC address with the source interface so that the threat defense knows to send any packets addressed to the device out the correct interface. Because traffic between bridge group members is subject to the threat defense security policy, if the destination MAC address of a packet is not in the table, the threat defense does not flood the original packet on all interfaces as a normal bridge does. Instead, it generates the following packets for directly-connected devices or for remote devices:

  • Packets for directly-connected devices—The threat defense generates an ARP request for the destination IP address, so that it can learn which interface receives the ARP response.

  • Packets for remote devices—The threat defense generates a ping to the destination IP address so that it can learn which interface receives the ping reply.

The original packet is dropped.
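
The learning and no-flood behavior described above can be modeled in a few lines. This is an added illustration, not threat defense code: the class, interface names, and addresses are constructed, security policy evaluation is not modeled, and it assumes "directly connected" means the destination IP falls in the bridge group's own subnet.

```python
import ipaddress


class BridgeGroup:
    """Toy model of bridge-group MAC learning (policy checks not modelled)."""

    def __init__(self, local_subnet):
        # Assumption: "directly connected" means the destination IP is in
        # the bridge group's own subnet; the text does not define the test.
        self.local_subnet = ipaddress.ip_network(local_subnet)
        self.mac_table = {}  # MAC address -> interface it was learned on

    def receive(self, in_if, src_mac, dst_mac, dst_ip):
        """Process one frame and return (action, detail)."""
        # Learn: associate the source MAC with the ingress interface.
        self.mac_table[src_mac] = in_if
        out_if = self.mac_table.get(dst_mac)
        if out_if is not None:
            # Known destination: send out the learned interface only.
            return ("forward", out_if)
        # Unknown destination: the original packet is never flooded.
        if ipaddress.ip_address(dst_ip) in self.local_subnet:
            probe = "arp-request"  # directly connected device
        else:
            probe = "ping"         # remote device
        # Only the probe is generated; the original packet is dropped.
        return ("drop", f"{probe} for {dst_ip}")


def demo():
    # Constructed sample traffic: interface names, MACs and IPs are made up.
    host_a, host_b = "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:02"
    router = "cc:cc:cc:cc:cc:03"
    bg = BridgeGroup("10.1.1.0/24")
    return [
        bg.receive("inside1", host_a, host_b, "10.1.1.20"),  # B unknown, local
        bg.receive("inside1", host_a, router, "192.0.2.9"),  # unknown, remote
        bg.receive("inside2", host_b, host_a, "10.1.1.10"),  # B's reply to A
        bg.receive("inside1", host_a, host_b, "10.1.1.20"),  # B now learned
    ]


if __name__ == "__main__":
    for action, detail in demo():
        print(action, detail)
```

The first frame to an unlearned destination is lost, so the sender's retransmission is what gets forwarded once the reply has populated the table.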