[pvtjoker27]

Need some help on this -

We have a deployment that is moving 3 registered subnets (formerly on 3 different FW's with 2 ext facing interfaces) to 3 registered subnets on a single NGX cluster.

Let's call the registered nets: 64.x.x.x (the subnet the ext interface of the CP is on), 191.x.x.x and 11.x.x.x.

The incoming "pipes" are aggregated via a fatpipe warp device - this device has 3 logical interfaces which connect via one physical interface to a switch - this is the switch which our single IPSO/CP NGX R60 external interface will connect.

We have internal devices that need to statically map to addresses on all three registered subnets. On our old FW solution, this wasn't a problem - it recieved a request for an address on the 191, 64 or 11 and simply passed it along to the internal host that was specified.

My question is this - does Checkpoint behave the same way?If I create a static NAT entry for an internal host, can it be on any of the three registered subnets, or does it have to be on the ext interface subnet (64.x.x.x)? Will the automatic functions cover the arp issues?

If not - any clues as to how to do this?