Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Henry_Nouel
Explorer

Can't access host external address - possible ARP issue

Hi All, I'm trying to access a test laptop externally that is in a IDF switch -> core switch -> DMZ switch -> Check Point 4800.  All using VLAN 25.  from the gateway I can ping the internal DMZ address, but I cannot ping the external.  I ran "tcpdump -eni eth1 arp" and I see requests but no replies.

0 Kudos
1 Reply
Maarten_Sjouw
Champion
Champion

How did you setup the NAT, manual or Automatic (use the NAT tab in the object)?

When you type fw ctl arp do you see the external IP with the mac fir the external interface?

When the first answer is manual and the second is no, then you need to add a proxy arp with the following command:

add arp proxy ipv4-address 123.123.123.121 interface eth1 

or 

add arp proxy ipv4-address 123.123.123.121 macaddress 00:1c:7f:aa:bb:cc real-ip 123.123.123.123

Where 123.123.123.121 is the external address of the test laptop and eth1 is the external interface, in the second command the macaddress is the address of the external interface and 123.123.123.123 is the external IP of the gateway.

Regards, Maarten
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events