| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
Recently I created a Security Policy + Manual NAT Policy like this:

Security Policy: From HostA / To HostB / Service Any / Accept / Log
NAT Policy: From HostA / To HostB / Service Any / NATSrc HostA-NAT / Original / Original

After installing the security policy, I tried to ping HostB from HostA, but the ping didn't work. Then I ran tcpdump on the outgoing interface and found that the ping from HostA arrives at HostB, then HostB broadcasts an arp-request from HostA-NAT and no one replies to that question.

I typed "fw ctl arp" and there is no Proxy-arp list here. But when I change Manual NAT to Automatic NAT, it works completely.

Suggestions please.

Edit: This machine is CheckPoint NGX R60 with Enforcement Module + Smart Center Server on it, running on SecurePlatform.

Last edited by Wutkung; 2007-05-25 at 00:23.
| |||
If you don't have proxy ARP enabled for the interface and configured the /etc/ethers file, there is no ARP entry. The simplest solution to manage ARP at the gateway on SPLAT is:

```
# touch $FWDIR/conf/local.arp
```

File $FWDIR/conf/local.arp:

```
# proxy_arp_ip Interface_MAC Interface_real_IP
```

Push the policy with the manual NAT rule and then take a look with fw ctl arp.
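As an added example that is not part of the thread: a small shell lint that checks entries against the three-column `local.arp` layout given in the reply above, so a mistyped address or MAC is caught before the policy is pushed. The function names and the sample entries are constructed, and it assumes all three columns are required, as the reply lists them.

```shell
#!/bin/sh
# Added example (not from the thread): lint entries laid out as the reply describes,
#   proxy_arp_ip Interface_MAC Interface_real_IP
# Assumption: all three columns are required, as in the reply.

# check_local_arp [FILE] - reads FILE or stdin; exit status 1 if any entry is malformed.
check_local_arp() {
    awk '
    function valid_ip(s,    n, p, i) {
        n = split(s, p, ".")
        if (n != 4) return 0
        for (i = 1; i <= 4; i++)
            if (p[i] !~ /^[0-9]+$/ || length(p[i]) > 3 || p[i] + 0 > 255) return 0
        return 1
    }
    function valid_mac(s,    n, p, i) {
        n = split(s, p, ":")
        if (n != 6) return 0
        for (i = 1; i <= 6; i++)
            if (p[i] !~ /^[0-9A-Fa-f][0-9A-Fa-f]$/) return 0
        return 1
    }
    /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
    NF != 3 { printf "line %d: expected 3 fields, got %d\n", NR, NF; bad = 1; next }
    {
        if (!valid_ip($1))  { printf "line %d: bad proxy ARP IP %s\n", NR, $1; bad = 1 }
        if (!valid_mac($2)) { printf "line %d: bad MAC %s\n", NR, $2; bad = 1 }
        if (!valid_ip($3))  { printf "line %d: bad interface IP %s\n", NR, $3; bad = 1 }
        # The same proxy ARP address listed twice is flagged as a likely mistake.
        if ($1 in seen) {
            printf "line %d: %s already defined on line %d\n", NR, $1, seen[$1]; bad = 1
        } else {
            seen[$1] = NR
        }
    }
    END { exit bad + 0 }
    ' "$@"
}

# Constructed sample (documentation-range addresses, made-up MACs).
sample_local_arp() {
    cat <<'EOF'
# proxy_arp_ip Interface_MAC Interface_real_IP
192.0.2.10 00:11:22:33:44:55 192.0.2.1
192.0.2.11 00:11:22:33:44 192.0.2.1
192.0.2.10 00:11:22:33:44:55 192.0.2.1
192.0.2.12 00:11:22:33:44:55
EOF
}
```

Run `check_local_arp "$FWDIR/conf/local.arp"` on the gateway, or `sample_local_arp | check_local_arp` to see the three diagnostics the constructed sample produces.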