CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

1. Come to CPUG CON 2008 EUROPE in Switzerland on September 8th - 9th!
    Two days full of technical content for Check Point administrators in the beautiful Swiss Alps!
    We already have sign-ups from twelve different countries!
2. CCSA/CCSE One-Week Dual-Certification Training Course with CPUG in San Francisco!
    Courses Starting 7/14, 8/25, 10/6, 11/3, 12/8, (2009) 1/19, 2/9, 3/9, 4/6, 5/4, 6/8.
3. Corrent S3500 SecureXL Turbocards For Sale - Last Six Remaining - Get Your Spares!
4. Join Us On LinkedIn - We now have a CPUG group.


Go Back   CPUG: The Check Point User Group > Check Point Firewall-1/VPN-1 And Related Products > NAT (Network Address Translation)
Reload this Page port address translation
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 2008-05-14
oliver oliver is offline
Member
  
Join Date: 2006-01-12
Location: Innsbruck, Austria
Posts: 46
Rep Power: 0
oliver has an average reputation (10+)
Default port address translation
hello,

we´re using SPLAT R60.

there´s a change request to enable http/https from one of our public ip addresses be redirected to a host in dmznet2 and from the same public ip 25/tcp to a host in dmznet1.

i´ve enabled all necessary services in security policy and configured manual static nat:

ANY - TrueIP - http - Original - host1 -Original
ANY - TrueIP - https - Original - host1 -Original
ANY - TrueIP - smtp - Original - host2 -Original

Manual NAT rule "Translate destination on client side" is enabled but when entering fw ctl arp i don´t get an arp entry listed for TrueIP.

thanks in advance for any help!

kind regards
oliver
Reply With Quote
  #2 (permalink)  
Old 2008-05-14
mcnallym mcnallym is offline
Senior Member
  
Join Date: 2007-06-04
Posts: 857
Rep Power: 2
mcnallym has an average reputation (10+)
Default Re: port address translation
With the manual NAT then there is no automatic Arp entry created.

Create an entry in the local.arp file for the TrueIP address with the MAC of the external interface.
Reply With Quote
  #3 (permalink)  
Old 2008-05-15
sebastan_bach sebastan_bach is offline
Senior Member
  
Join Date: 2005-10-12
Posts: 254
Rep Power: 3
sebastan_bach has an average reputation (10+)
Send a message via Yahoo to sebastan_bach
Default Re: port address translation
hi rather than adding manual arp entries just add a route on the external device for the static public ip pointing to the external interface of the firewall.

cause i have faced issues in splat even though adding manual arp entries sometimes the firewall would not respond to arp request.but when u add a route it works like a charm

this is much easier.

regards

sebastan
Reply With Quote
  #4 (permalink)  
Old 2008-05-15
oliver oliver is offline
Member
  
Join Date: 2006-01-12
Location: Innsbruck, Austria
Posts: 46
Rep Power: 0
oliver has an average reputation (10+)
Default Re: port address translation
ok, thank you very much for your replies.

have a great day
oliver
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -7. The time now is 12:53.

Contact Us - CPUG Home Page - Archive - Top

Powered by vBulletin® Version 3.7.2
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
LinkBacks Enabled by vBSEO 3.0.0