Automatic arp is only for automatic nat rules. This does not work for manual nat rules.

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Phil Wang
Sent: Wednesday, October 06, 2004 7:42 PM
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Proxy ARP not working with manual NAT with Secure Platform NG AI R55

I have done both from the very beginning of destination client side and automatic arp configuration, but it does not seem to be working.

Cheers,
Phil

-----Original Message-----
From: William Iselin [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 6 October 2004 11:36 PM
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Proxy ARP not working with manual NAT with Secure Platform NG AI R55

You don't need to add manual arp entries. Go into Global Properties -> NAT and make sure the defaults are selected, which is all of them (but the 'automatic arp configuration' is what's important here). It will create arps for both automatic nat and manual nat.

HTH,
Bill

-----Original Message-----
From: Phil Wang [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 06, 2004 4:40 AM
To: [EMAIL PROTECTED]
Subject: [FW-1] Proxy ARP not working with manual NAT with Secure Platform NG AI R55

Hi All,

I have installed NG AI R55 on a SPLAT. I noticed that the f/w doesn't respond for the manual NAT ruled IP address. I have the settings as follows:

f/w interfaces:
Ext: 202.x.x.1/27
Int: 192.168.1.1/24
DMZ: 10.10.1.1/24
Mail Server: 192.168.1.9
DMZ Server: 10.10.1.11

The requirements are:
1. nat mail server to 202.x.x.9 on SMTP port 25
2.1 nat DMZ server to 202.x.x.11 on HTTPS port 443
2.2 nat DMZ server to 202.x.x.21 on HTTPS port 443 with port redirection to tcp port 442.

First I added three arp entries for these 3 IP addresses respectively. Then I created two automatic NAT rules for requirements 1 and 2.1 and one manual NAT rule for 2.2. Both automatic rules are working fine but it seems the f/w is not responding to the arp query for the manual NATed IP 202.x.x.21.

I see all arp entries with the arp command but only see the two automatic NATed arp entries with fw ctl arp. Also, I went through some docs found online and tried to add a specific route of 202.x.x.21 with gw to 10.10.1.12. That did not work either. Another thing I tried is to use mapped https, and I found that if I use the f/w address 202.x.x.1 instead of 202.x.x.21, it works. With 202.x.x.21 (and the arp entry added in), no luck either.

I have got that SPLAT has some proxy arp issues and needs an arp entry and a specific route added. Now it seems proxy arp works only with automatic NAT rules but not manual NAT rules. Has anyone seen this issue before?

Thanks,
Phil

=================================================
To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [EMAIL PROTECTED]
=================================================

Please note that:
1. This e-mail may constitute privileged information. If you are not the intended recipient, you have received this confidential email and any attachments transmitted with it in error and you must not disclose, copy, circulate or in any other way use or rely on this information.
2. E-mails to and from the company are monitored for operational reasons and in accordance with lawful business practices.
3. The contents of this email are those of the individual and do not necessarily represent the views of the company.
4. The company does not conclude contracts by email and all negotiations are subject to contract.
5. The company accepts no responsibility once an e-mail and any attachments is sent.
http://www.integralis.com
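
Added example, not part of the thread or of any Check Point tooling: a small shell check for the symptom described in the original post, where the arp command lists all three published addresses but fw ctl arp lists only the two from automatic NAT rules. The sample output is constructed, 203.0.113.x stands in for the thread's 202.x.x.x, and the only format assumption is that both commands print each IP address in parentheses.

```shell
#!/bin/sh
# Added example: compare the OS ARP table with the firewall's own proxy-ARP
# table for a list of NAT addresses taken from the rulebase.

# Constructed sample output (not captured from a real gateway).
# Assumption: both commands print the IP address in parentheses.
SAMPLE_OS_ARP='? (203.0.113.9) at 00:0C:29:AA:BB:01 [ether] PERM PUB on eth0
? (203.0.113.11) at 00:0C:29:AA:BB:01 [ether] PERM PUB on eth0
? (203.0.113.21) at 00:0C:29:AA:BB:01 [ether] PERM PUB on eth0'
SAMPLE_FW_ARP=' (203.0.113.9) at 00-0c-29-aa-bb-01 interface 203.0.113.1
 (203.0.113.11) at 00-0c-29-aa-bb-01 interface 203.0.113.1'

# Print every parenthesised IPv4-looking token read from stdin, one per line.
extract_ips() {
    grep -o '([0-9][0-9.]*)' | tr -d '()' | sort -u
}

# has_ip TABLE_TEXT IP -> exit status 0 if IP is listed in the table text.
has_ip() {
    printf '%s\n' "$1" | extract_ips | grep -qxF "$2"
}

# arp_status OS_TEXT FW_TEXT IP... -> one "IP state" line per address.
arp_status() {
    os_text=$1; fw_text=$2; shift 2
    for ip in "$@"; do
        if has_ip "$os_text" "$ip"; then os=yes; else os=no; fi
        if has_ip "$fw_text" "$ip"; then fw=yes; else fw=no; fi
        case "$os/$fw" in
            yes/yes) state=ok ;;
            yes/no)  state=os-only ;;   # the symptom described in the thread
            no/yes)  state=fw-only ;;
            *)       state=missing ;;
        esac
        printf '%s %s\n' "$ip" "$state"
    done
}

# On a gateway, replace the samples with "$(arp -an)" and "$(fw ctl arp)".
arp_status "$SAMPLE_OS_ARP" "$SAMPLE_FW_ARP" 203.0.113.9 203.0.113.11 203.0.113.21
```

An address reported as os-only is published in the operating system's ARP table but absent from the firewall's table, which matches what the original poster saw for the manual NAT address.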