Bug ID 611440: AFM NAT does not support Proxy ARP for Source Translation Addresses

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP AFM(all modules)

Known Affected Versions:
12.1.0, 12.1.1, 12.1.2, 12.1.3,,,,,,,, 12.1.4,, 12.1.5,,,, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1

Fixed In:

Opened: Aug 17, 2016

Severity: 3-Major


AFM NAT does not support proxy ARP for source translation addresses that are in the same subnet as the egress interface.


Since AFM NAT does not respond to ARP requests for the translated IP Address in the directly connected topology, the return traffic does not reach the BIG-IP system.


- AFM NAT source translation is being used. - The source translation IP address is in the same subnet as the egress interface (self IP address).


You can use either of the following workarounds: -- Use static ARP configuration for the AFM NAT source translated addresses (in same subnet as egress interface) on the downstream device. -- Use the routing topology instead (so that NAT Address is not in the same subnet as the egress interface).

Fix Information

This is now fixed by allowing a configuration option per AFM NAT Source translation object that can be enabled to allow AFM NAT to respond to ARP requests for these addresses. By default, it is disabled.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips