Authenticated ARP

Policy > ARP Defense > Authenticated ARP

Hillstone devices provide Authenticated ARP to protect the clients against ARP spoofing attacks. Authenticated ARP is implemented on the ARP client Hillstone Secure Defender. When a PC with Hillstone Secure Defender installed accesses Internet via the interface that enables Authenticated ARP, it will perform an ARP authentication with the Hillstone device to assure the MAC address of the device being connected to the PC is trusted. Besides, the ARP client is also designed with powerful anti-spoofing and anti-replay mechanisms to defend against various ARP attacks.

In the Authenticated ARP page, you can perform the following actions:

• Click Enable to force the device into the ARP authentication on the selected interfaces, or force the PCs that access the internet via the selected interfaces into installing the ARP client Hillstone Secure Defender. Otherwise, the device will be denied to access the internet. If you select Force Authenticate ARP on the selected interfaces without selecting Force Install, Authenticated ARP will take effect for the PCs with ARP client installed.
• Click Disable to disable the ARP authentication on the selected interfaces, or not force the PCs that access the internet via the selected interfaces into installing the ARP client Hillstone Secure Defender.
• Click Authenticated ARP Client Download Page to specify the description to be displayed in the authenticated ARP client download page.

Note: The Loopback interface and PPPoE sub-interface are not designed with ARP learning, so these two interfaces do not support Authenticated ARP.