https://community.checkpoint.com/t5/Firewall-and-Security-Management/Logical-Server-not-working-R-80-30/m-p/81486#M80725 That helps.<BR />What do you see on a tcpdump when you try and access 10.0.0.35 from the internal interface?<BR />What does fw ctl arp say?<BR />In general, a proxy-arp should be created, but perhaps it's not in this case. Thu, 09 Apr 2020 20:05:35 GMT PhoneBoy 2020-04-09T20:05:35Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Logical-Server-not-working-R-80-30/m-p/81255#M80722 <P>Hello,</P><P>&nbsp;</P><P>I have created several logical servers for load balancing traffic to a group of Internal servers.</P><P>The logical servers with Public Virtual IP addresses inwards to the Internal servers work fine, but the logical servers with Internal Virtual IP addresses&nbsp; towards internal servers are not working.&nbsp;</P><P>All the Virtual IP addresses are on same subnets as the Gateways interfaces.</P><P>Only difference being that the addresses on the Public Interface has entries in $FWDIR/conf/local.arp.</P><P>Should I create entries for the Internal Virtual IP addresses in $FWDIR/conf/local.arp ?</P><P>&nbsp;</P><P>Regards PM</P> Wed, 08 Apr 2020 05:50:00 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Logical-Server-not-working-R-80-30/m-p/81255#M80722 P_M 2020-04-08T05:50:00Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Logical-Server-not-working-R-80-30/m-p/81387#M80723 I'm confused what you mean by "internal virtual IP addresses."<BR />There should be servers that answer on those IP addresses.<BR />Can you describe your configuration in more detail?<BR />Screenshots and network diagrams would also help. Thu, 09 Apr 2020 00:09:37 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Logical-Server-not-working-R-80-30/m-p/81387#M80723 PhoneBoy 2020-04-09T00:09:37Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Logical-Server-not-working-R-80-30/m-p/81451#M80724 <P>Hello,</P><P>Sorry I was not clear, and hereby make another attempt to explain my dilemma.</P><P>Below are the screenshots of the rule and the configuration for the Logical Server. I attach a diagram of the Network Topology.</P><P>The Internal VIP (Logical Server) has a private IP address&nbsp; of 10.0.0.35 and is on a subnet on one of the FireWall Interface. Behind the Logical Server are two servers (servergroup) that are on the Internal network.</P><P>The Clients are on the Internal network, with private IP addresses, i.e. 10.1.2.29 for example, and the servers are in a Firewall segment (DMZ).</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="P_M_0-1586423450158.png" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/5474i0006228AB76AD79F/image-size/medium?v=v2&amp;px=400" role="button" title="P_M_0-1586423450158.png" alt="P_M_0-1586423450158.png" /></span></P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="P_M_1-1586423450165.png" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/5475i1A4C228CB9FF83DF/image-size/medium?v=v2&amp;px=400" role="button" title="P_M_1-1586423450165.png" alt="P_M_1-1586423450165.png" /></span></P><P>&nbsp;</P><P>The External Logical server (with Public IP address) works, and on the External Interface there is Proxy Arp configured for the IP address for the Logical server.&nbsp;</P><P>The Internal Logical server (with Private IP address) does not work, and if I understood CheckPoints Help manual right, then a Proxy Arp for this Logical Server would automatically be created during Publishing/Installation of the rule?</P><P>&nbsp;</P><P>Best regards&nbsp;</P><P>Peter</P><P>&nbsp;</P> Thu, 09 Apr 2020 13:40:49 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Logical-Server-not-working-R-80-30/m-p/81451#M80724 P_M 2020-04-09T13:40:49Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Logical-Server-not-working-R-80-30/m-p/81486#M80725 That helps.<BR />What do you see on a tcpdump when you try and access 10.0.0.35 from the internal interface?<BR />What does fw ctl arp say?<BR />In general, a proxy-arp should be created, but perhaps it's not in this case. Thu, 09 Apr 2020 20:05:35 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Logical-Server-not-working-R-80-30/m-p/81486#M80725 PhoneBoy 2020-04-09T20:05:35Z