
NAT not working even after manual proxy arp enabled on R 77.30


Enabled hide NAT. Source is a group object (5 subnetworks are members). When I capture the traffic on the perimeter router I don't see the response. I get "incomplete" for the sh IP arp command on the perimeter router.

Manual proxy enabled. Still the same issue.


Re: NAT not working even after manual proxy arp enabled on R 77.30

If the hiding address does not show up in the output of command fw ctl arp you did not add the manual proxy ARP correctly; see sk30197.  If it does show up in the output of fw ctl arp make sure clustering is disabled under cpconfig (assuming of course it is just a single firewall and not part of a cluster).  If the firewall is part of a cluster, make sure it is in an active state with cphaprob stat.

--
My Book "Max Power: Check Point Firewall Performance Optimization"
Second Edition Coming Soon

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com

Re: NAT not working even after manual proxy arp enabled on R 77.30

This is a clustered setup and I enabled the manual proxy ARP already, and the firewall is also in the active state. What could be other reasons?


Re: NAT not working even after manual proxy arp enabled on R 77.30

Be sure that in global properties, under the NAT section, merge with local proxy ARP is flagged.


Re: NAT not working even after manual proxy arp enabled on R 77.30

As Tim Hall wrote: make sure to check that the NAT IP you use for the hide operation is shown when issuing the command "fw ctl arp".


Re: NAT not working even after manual proxy arp enabled on R 77.30

Hi,

Capture data with fw monitor, where you will find whether the NAT operation is happening or not with i,I,o,O, and finally capture the data with tcpdump.


Re: NAT not working even after manual proxy arp enabled on R 77.30

Is the address space you're using associated with the external interface of your firewall?
