cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

Can't access host external address - possible ARP issue

Hi All, I'm trying to access a test laptop externally that is in a IDF switch -> core switch -> DMZ switch -> Check Point 4800.  All using VLAN 25.  from the gateway I can ping the internal DMZ address, but I cannot ping the external.  I ran "tcpdump -eni eth1 arp" and I see requests but no replies.

0 Kudos
1 Reply

Re: Can't access host external address - possible ARP issue

How did you setup the NAT, manual or Automatic (use the NAT tab in the object)?

When you type fw ctl arp do you see the external IP with the mac fir the external interface?

When the first answer is manual and the second is no, then you need to add a proxy arp with the following command:

add arp proxy ipv4-address 123.123.123.121 interface eth1 

or 

add arp proxy ipv4-address 123.123.123.121 macaddress 00:1c:7f:aa:bb:cc real-ip 123.123.123.123

Where 123.123.123.121 is the external address of the test laptop and eth1 is the external interface, in the second command the macaddress is the address of the external interface and 123.123.123.123 is the external IP of the gateway.

Regards, Maarten
0 Kudos