Can't access host external address - possible ARP issue

Henry_Nouel — Mon, 17 Sep 2018 23:32:25 GMT

Hi All, I'm trying to access a test laptop externally that is in a IDF switch -> core switch -> DMZ switch -> Check Point 4800. All using VLAN 25. from the gateway I can ping the internal DMZ address, but I cannot ping the external. I ran "tcpdump -eni eth1 arp" and I see requests but no replies.

Re: Can't access host external address - possible ARP issue

Maarten_Sjouw — Tue, 18 Sep 2018 06:22:58 GMT

How did you setup the NAT, manual or Automatic (use the NAT tab in the object)?

When you type fw ctl arp do you see the external IP with the mac fir the external interface?

When the first answer is manual and the second is no, then you need to add a proxy arp with the following command:

add arp proxy ipv4-address 123.123.123.121 interface eth1

add arp proxy ipv4-address 123.123.123.121 macaddress 00:1c:7f:aa:bb:cc real-ip 123.123.123.123

Where 123.123.123.121 is the external address of the test laptop and eth1 is the external interface, in the second command the macaddress is the address of the external interface and 123.123.123.123 is the external IP of the gateway.

topic Can't access host external address - possible ARP issue in Firewall and Security Management

Can't access host external address - possible ARP issue

Re: Can't access host external address - possible ARP issue