Participant

NAT not working even after manual proxy arp enabled on R 77.30


Enabled hide NAT. Source is a group object (5 subnetworks are members). When I capture the traffic on the perimeter router I don't see the response. I get "incomplete" for the sh ip arp command on the perimeter router.

Manual proxy enabled. Still the same issue.

0 Kudos
6 Replies
Champion

If the hiding address does not show up in the output of command fw ctl arp you did not add the manual proxy ARP correctly; see sk30197.  If it does show up in the output of fw ctl arp make sure clustering is disabled under cpconfig (assuming of course it is just a single firewall and not part of a cluster).  If the firewall is part of a cluster, make sure it is in an active state with cphaprob stat.

--
My Book "Max Power: Check Point Firewall Performance Optimization"
Second Edition Coming Soon

R80.40 addendum for book "Max Power 2020" now available
for free download at http://www.maxpowerfirewalls.com
0 Kudos
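
The `fw ctl arp` check from the reply above, as an added example that is not part of any post in this thread. It assumes each output line has the form `(IP) at MAC interface IP`; the sample output, addresses and function names are constructed for illustration. It compares whole addresses, so a published 203.0.113.10 is not mistaken for 203.0.113.1.

```shell
#!/bin/bash
# Added example, not from the thread. Assumption: `fw ctl arp` prints one
# proxy ARP entry per line as "(IP) at MAC interface IP".
# Constructed sample output (documentation addresses, made-up MAC):
SAMPLE_FW_CTL_ARP=' (203.0.113.10) at 00-1c-7f-00-00-01 interface 203.0.113.1
 (203.0.113.11) at 00-1c-7f-00-00-01 interface 203.0.113.1'

# published_ips: read `fw ctl arp` output on stdin and print the address
# inside the leading parentheses of each entry, one per line.
published_ips() {
    sed -n 's/^[[:space:]]*(\([0-9.]*\)) at .*/\1/p'
}

# missing_proxy_arp ARP_OUTPUT IP...
# Print every IP that has no entry in ARP_OUTPUT.
# Returns 0 when all given IPs are published, 1 otherwise.
missing_proxy_arp() {
    arp_output=$1
    shift
    published=$(printf '%s\n' "$arp_output" | published_ips)
    rc=0
    for ip in "$@"; do
        # -x: whole-line match, -F: fixed string, so 203.0.113.1 does not
        # match the entry for 203.0.113.10.
        if ! printf '%s\n' "$published" | grep -qxF -- "$ip"; then
            printf '%s\n' "$ip"
            rc=1
        fi
    done
    return $rc
}

# On the gateway (expert mode), with your own hide address:
#   missing_proxy_arp "$(fw ctl arp)" 203.0.113.10
```

Any address it prints has no proxy ARP entry in the kernel table, which is the case the reply points to sk30197 for.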
Participant

This is a clustered setup and I enabled the manual proxy ARP already, and the firewall is also in the active state. What could be other reasons?

0 Kudos

Be sure that in Global Properties, under the NAT section, "merge with local proxy ARP" is flagged.

0 Kudos

As Tim Hall wrote: make sure to check that the NAT IP you use for the hide operation is shown when issuing the command "fw ctl arp".


Hi,

Capture data with fw monitor, where you will find whether the NAT operation is happening or not with i, I, o, O, and finally capture the data with tcpdump.

0 Kudos

Is the address space you're using associated with the external interface of your firewall?

0 Kudos