https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT-problem/m-p/65542#M12181 So you changed the IP in the VS object, did you also push the policy? Both VS and VSX cluster would be best to push, normally only the VS policy needs to be pushed, but it wont hurt to also push the Cluster itself as well. Tue, 22 Oct 2019 08:42:12 GMT Maarten_Sjouw 2019-10-22T08:42:12Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT-problem/m-p/65527#M12178 <P>Hello</P><P>&nbsp;</P><P>A week or so ago we changed an ip address on one of our interfaces from 10.157.1.10 to 10.184.0.2 we also changed the NAT rules that was configured to the old ip address.&nbsp;</P><P>But now still the firewall sends packets with the old ip of 10.157.1.10 and 12 even when those addreses are unconfigured.</P><P>Running R80.20 with HFA 103</P><P>&nbsp;</P><P>//Johan</P><P>&nbsp;</P> Tue, 22 Oct 2019 07:45:35 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT-problem/m-p/65527#M12178 Johan_Rudberg 2019-10-22T07:45:35Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT-problem/m-p/65538#M12179 Is this part of a cluster? Did you change the IP's in clish and in SmartConsole?<BR /> Tue, 22 Oct 2019 08:29:02 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT-problem/m-p/65538#M12179 Maarten_Sjouw 2019-10-22T08:29:02Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT-problem/m-p/65541#M12180 <P>Yes its a VSX cluster with two physical GWs and two VSes, the change was made in SmartConsole.</P><P>//Johan</P> Tue, 22 Oct 2019 08:31:03 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT-problem/m-p/65541#M12180 Johan_Rudberg 2019-10-22T08:31:03Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT-problem/m-p/65542#M12181 So you changed the IP in the VS object, did you also push the policy? Both VS and VSX cluster would be best to push, normally only the VS policy needs to be pushed, but it wont hurt to also push the Cluster itself as well. Tue, 22 Oct 2019 08:42:12 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT-problem/m-p/65542#M12181 Maarten_Sjouw 2019-10-22T08:42:12Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT-problem/m-p/65543#M12182 <P>Yes we have pushed VS policy several times and the cluster policy once now, but still the old ip address is used.</P><P>&nbsp;</P><P>//Johan</P> Tue, 22 Oct 2019 09:02:43 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT-problem/m-p/65543#M12182 Johan_Rudberg 2019-10-22T09:02:43Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT-problem/m-p/65545#M12183 <P>Any chance you have proxy arp in place?</P> <P>&nbsp;</P> <P>&nbsp;</P> Tue, 22 Oct 2019 09:20:40 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT-problem/m-p/65545#M12183 _Val_ 2019-10-22T09:20:40Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT-problem/m-p/65552#M12184 <P>Yes the automatic default Proxy ARP is enabled and the Merge Manual setting too, however in the local.arp file there is only one entry with the new ip address in it.</P><P>&nbsp;</P><P>//Johan</P> Tue, 22 Oct 2019 10:14:21 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT-problem/m-p/65552#M12184 Johan_Rudberg 2019-10-22T10:14:21Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT-problem/m-p/65570#M12185 <P>Please provide a log screenshot of accepted traffic still being NATted to the old address, the log card will show the NAT rules involved.&nbsp; Keep in mind that after changing a NAT address only new connections will start using it, old connections will continue using the old NAT address until they end.&nbsp; Are sure you are launching NEW connections for testing and not still riding on old ones?</P> <P>&nbsp;</P> Tue, 22 Oct 2019 13:42:46 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT-problem/m-p/65570#M12185 Timothy_Hall 2019-10-22T13:42:46Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT-problem/m-p/65574#M12186 Thank you we look into that!<BR /><BR />//Johan Tue, 22 Oct 2019 14:24:45 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT-problem/m-p/65574#M12186 Johan_Rudberg 2019-10-22T14:24:45Z