https://community.checkpoint.com/t5/General-Topics/Port-forwarding/m-p/32834#M6857 <HTML><HEAD></HEAD><BODY><P>I don't quite understand the problem.</P><P></P><P>- Can you see an arp entry for the VIP?</P><P></P><P>- Create a manual NAT rule!</P><P></P><P>- Add a proxy arp address if necessary!</P><P></P><P>What does a fw monitor show?</P><P></P><P># fwaccl off</P><P># fw monitor -e "accept(src=&lt;host&gt; or dst=&lt;host&gt;);"</P><P></P><P>Regards</P><P>Heiko</P></BODY></HTML> Thu, 01 Mar 2018 12:59:29 GMT HeikoAnkenbrand 2018-03-01T12:59:29Z https://community.checkpoint.com/t5/General-Topics/Port-forwarding/m-p/32832#M6855 <HTML><HEAD></HEAD><BODY><P>Hi, everyone</P><P><SPAN style="font-size: 11.5pt; color: #333333; background: white;">I’ve got HA ClusterXL with 3 &nbsp;VIP interfaces (1 WAN and 2 LAN) (see attached pic1).</SPAN></P><P><SPAN style="font-size: 11.5pt; color: #333333; background: white;">When I do port forwarding for LAN – its works fine (smtp).</SPAN></P><P><SPAN style="font-size: 11.5pt; color: #333333; background: white;">But for VIP DMZ – it doesn’t works (ftp)</SPAN></P><P><SPAN style="font-size: 11.5pt; color: #333333; background: white;">In logging everything – OK – rule is working, but in the NAT section (pic 2) destination – wrong server (cloud). The cloud – has own rule for publishing (smtp). </SPAN></P><P><SPAN style="font-size: 11.5pt; color: #333333; background: white;">We have only one public IP.</SPAN></P><P><SPAN style="font-size: 11.5pt; color: #333333; background: white;">What should I do to make port forwarding working correctly?</SPAN></P><P><SPAN style="font-size: 11.5pt; color: #333333; background: white;">&nbsp;</SPAN></P><P><SPAN style="font-size: 11.5pt; color: #333333; background: white;">Thanks</SPAN></P></BODY></HTML> Thu, 01 Mar 2018 09:48:43 GMT https://community.checkpoint.com/t5/General-Topics/Port-forwarding/m-p/32832#M6855 Andy_N 2018-03-01T09:48:43Z https://community.checkpoint.com/t5/General-Topics/Port-forwarding/m-p/32833#M6856 <HTML><HEAD></HEAD><BODY><P>I did it myself.</P><P>Manual NAT - no more</P></BODY></HTML> Thu, 01 Mar 2018 11:29:19 GMT https://community.checkpoint.com/t5/General-Topics/Port-forwarding/m-p/32833#M6856 Andy_N 2018-03-01T11:29:19Z https://community.checkpoint.com/t5/General-Topics/Port-forwarding/m-p/32834#M6857 <HTML><HEAD></HEAD><BODY><P>I don't quite understand the problem.</P><P></P><P>- Can you see an arp entry for the VIP?</P><P></P><P>- Create a manual NAT rule!</P><P></P><P>- Add a proxy arp address if necessary!</P><P></P><P>What does a fw monitor show?</P><P></P><P># fwaccl off</P><P># fw monitor -e "accept(src=&lt;host&gt; or dst=&lt;host&gt;);"</P><P></P><P>Regards</P><P>Heiko</P></BODY></HTML> Thu, 01 Mar 2018 12:59:29 GMT https://community.checkpoint.com/t5/General-Topics/Port-forwarding/m-p/32834#M6857 HeikoAnkenbrand 2018-03-01T12:59:29Z https://community.checkpoint.com/t5/General-Topics/Port-forwarding/m-p/32835#M6858 <HTML><HEAD></HEAD><BODY><P>Thanks for reply, Heiko</P><P>I did manual NAT rules.</P><P>Everything is working well.</P><P>Thanks.</P></BODY></HTML> Mon, 05 Mar 2018 05:21:10 GMT https://community.checkpoint.com/t5/General-Topics/Port-forwarding/m-p/32835#M6858 Andy_N 2018-03-05T05:21:10Z