Authenticated ARP

System provides Authenticated ARP to protect the clients against ARP spoofing attacks. Authenticated ARP is implemented on the ARP client. When a PC with the ARP client installed accesses Internet via the interface that enables Authenticated ARP, it will perform an ARP authentication with the security appliance to assure the MAC address of the device being connected to the PC is trusted. Besides, the ARP client is also designed with powerful anti-spoofing and anti-replay mechanisms to defend against various ARP attacks.

Note: The Loopback interface and PPPoE sub-interface are not designed with ARP learning, so these two interfaces do not support Authenticated ARP.

This section describes how to configure Authenticated ARP.

Configuring Authenticated ARP

  1. On the Navigation pane, click Configure > Security > ARP Defense to visit the ARP Defense page.
  2. Click Authenticated ARP.
  3. In the Authenticated ARP dialog, select the interface(s) that will be controlled by Authenticated ARP.
  4. Enable or disable Force install as needed. If the Force install check box is selected, PCs cannot access Internet via the corresponding interface unless the ARP client has been installed; if the Force install check box is not selected, only PCs with the ARP client installed are controlled by Authenticated ARP.

To specify a description for Authenticated ARP that will be displayed in the download page of the client, take the following steps:

  1. On the Navigation pane, click Configure > Security > ARP Defense to visit the ARP Defense page.
  2. On the Task tab in the right pane, click Authenticated ARP Client Download Page.
  3. In the Authenticated ARP Client Download Page Configuration dialog, type your description into the Description box.
  4. Click OK to save your changes and return to the ARP Defense page.

ARP Client

The ARP client can run on Windows 2000/2003/XP/Vista.

To download and install the ARP client, take the following steps:

  1. Enable Authenticated ARP for an interface, and also select the Force install check box for the interface.
  2. When a PC accesses Internet via this interface, the ARP client's download page will pop up. Download the exe file as prompted.
  3. After downloading, double-click the ARP client's exe file and install the client as prompted by the installation wizard.

To uninstall the ARP client, click from the Start menu in your PC.