[Webcam007]

I must confess I was on here looking for an answer about a problem I'm having with Auto Nating. We've always used Manual Natting in the past but then swapped up to an Active/Passive cluster and were having major problems with re-ARPing the manual ARPs in the event of failover.

Consequently we have been labouring long and hard to swap across to Auto Arps but I have had problems with devices in our external DMZ being Natted behind the external Virtual address when they talk inbound to our network. I thought CheckPoint would be intelligent enough to work out that it shouldn't do this by looking at its Topology but either I've got something wrong or its not as clever as I first thought. The only way I've found round it is to put a Manual NAT further up the rulebase saying don't NAT inbound but that seems a bit rubbish!

However with this new solution we would not have to worry about using Auto NATs and can go back to the much more configurable Manuals.

Thank you very much for this Gem of information.

Wish I'd read it about 3 months ago!!!!!!!

Regards

Webcam007