Citrix Gateway Sends Traffic with Firewall's MAC Address

Article ID: CTX281417

Description

Citrix Gateway (versions 12.0 and 12.1) intermittently sends UDP traffic to the backend server using the VMAC of the firewall (the next hop for the server subnet) as the source MAC when Intranet IP address (IIP) is enabled. This issue appears only during heavy load.
This causes the switch to learn the firewall's MAC from the ADC's port, and traffic is then routed to the incorrect interface.
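
On the switch, the behaviour described above appears as the firewall's MAC moving between the firewall port and the ADC port. The following Python code is an added example, not Citrix code: it replays MAC learning over constructed frame records and lists frames on the ADC port whose source MAC is not the ADC's own. The line format, port names and all MAC/IP values are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample: one line per frame seen at a switch ingress port.
# The line format, port names and MAC/IP values are invented for this example.
SAMPLE = """\
10:00:01 port=adc-1 src_mac=02:00:00:00:0a:01 src_ip=10.0.50.11 proto=udp
10:00:01 port=fw-1 src_mac=02:00:00:00:0f:fe src_ip=10.0.60.1 proto=tcp
10:00:02 port=adc-1 src_mac=02:00:00:00:0f:fe src_ip=10.0.50.12 proto=udp
10:00:03 port=fw-1 src_mac=02:00:00:00:0f:fe src_ip=10.0.60.1 proto=tcp
10:00:04 port=adc-1 src_mac=02:00:00:00:0a:01 src_ip=10.0.50.11 proto=udp
10:00:05 port=adc-1 src_mac=02:00:00:00:0f:fe src_ip=10.0.50.13 proto=udp
"""

LINE = re.compile(r"(?P<ts>\S+) port=(?P<port>\S+) src_mac=(?P<mac>[0-9a-fA-F:]{17}) "
                  r"src_ip=(?P<ip>\S+) proto=(?P<proto>\S+)")

def parse(text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE.fullmatch(line.strip())
        if m:
            rec = m.groupdict()
            rec["mac"] = rec["mac"].lower()
            yield rec

def mac_moves(records):
    """Replay switch MAC learning: return {mac: [(ts, old_port, new_port), ...]}."""
    learned, moves = {}, defaultdict(list)
    for r in records:
        old = learned.get(r["mac"])
        if old is not None and old != r["port"]:
            moves[r["mac"]].append((r["ts"], old, r["port"]))
        learned[r["mac"]] = r["port"]
    return dict(moves)

def foreign_frames(records, port, own_macs):
    """Frames entering `port` whose source MAC is not one of the device's own."""
    own = {m.lower() for m in own_macs}
    return [r for r in records if r["port"] == port and r["mac"] not in own]

if __name__ == "__main__":
    recs = list(parse(SAMPLE))
    for mac, events in mac_moves(recs).items():
        print(mac, "moved", len(events), "times:", events)
    for r in foreign_frames(recs, "adc-1", ["02:00:00:00:0a:01"]):
        print("non-ADC source MAC on ADC port:", r)
```

In the constructed sample the firewall MAC moves three times and every foreign-source frame on the ADC port is UDP, which matches the symptom in the description.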

Resolution

Run the following command from the ADC CLI prompt:
set l2param -usemymac ENABLED

With this configuration, the ADC uses its own MAC for all outgoing packets.
Note: This does not require L2 mode to be enabled.

Problem Cause

The ADC's MAC address should be used as the source MAC address for all outgoing traffic instead of the firewall's MAC address.