Default Settings

  • If you enable ARP inspection, the default setting is to flood non-matching packets.

  • The default timeout value for dynamic MAC address table entries is 5 minutes.

  • By default, each interface automatically learns the MAC addresses of entering traffic, and the threat defense device adds corresponding entries to the MAC address table.

    Note

    Secure Firewall Threat Defense device generates a reset packet to reset a connection that is denied by a stateful inspection engine. Here, the destination MAC address of the packet is not determined based on the ARP table lookup but instead it is taken directly from the packets (connections) that are being denied.