Policy Enforcement > ARP Spoofing Prevention
Network VirusWall Enforcer prevents Address Resolution Protocol (ARP) spoofing by broadcasting legitimate ARP information associated with your critical nodes. Network VirusWall Enforcer also monitors endpoints for ARP spoofing malware.
To detect and terminate ARP spoofing malware on endpoints, Network VirusWall Enforcer monitors applications for outgoing ARP traffic. If an application is found to be sending more than 100 ARP packets per second, Network VirusWall Enforcer considers the application ARP spoofing malware and can terminate the application.
Click Policy Enforcement > ARP Spoofing Prevention.
Under Malware Monitoring Settings, select Monitor for suspicious ARP traffic from endpoints. With this option selected, Network VirusWall Enforcer automatically monitors endpoints for ARP traffic.
To terminate endpoint applications exhibiting ARP spoofing behavior, select Stop endpoint processes that send suspicious ARP traffic.
Click Save.
By broadcasting legitimate ARP information, Network VirusWall Enforcer allows endpoints to correct spoofed ARP information from malware or other sources.
Note: When configuring ARP spoofing prevention, specify MAC and IP address information of your critical nodes, including gateways and servers. This information helps prevent misdirection of network traffic to critical nodes.
Click Policy Enforcement > ARP Spoofing Prevention.
Under Spoofing Prevention Settings, select Enable ARP spoofing prevention.
Specify the IP and MAC addresses of your critical nodes to help ensure that traffic to these nodes are not affected by ARP spoofing. To do this:
Type a valid IP address.
Note: ARP spoofing prevention only supports IPv4 addresses.
Type a valid MAC address.
Use the comment field to provide additional information about the node you are adding.
Click Add to.
Click Save.