
NAT not working even after manual proxy arp enabled on R 77.30


Enabled hide NAT. Source is a group object (5 subnetworks are members). When I capture the traffic on the perimeter router I don't see the response. I get "incomplete" for the sh IP arp command on the perimeter router.

Manual proxy enabled. Still the same issue.

0 Kudos
6 Replies

If the hiding address does not show up in the output of command fw ctl arp you did not add the manual proxy ARP correctly; see sk30197.  If it does show up in the output of fw ctl arp make sure clustering is disabled under cpconfig (assuming of course it is just a single firewall and not part of a cluster).  If the firewall is part of a cluster, make sure it is in an active state with cphaprob stat.

--
My Book "Max Power: Check Point Firewall Performance Optimization"
Second Edition Coming Soon

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com
0 Kudos
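
Added example, not part of any post in this thread: a shell check that compares the manual proxy ARP entries you configured with what the gateway actually reports in fw ctl arp. The file format ("<NAT IP> <MAC>" per line in $FWDIR/conf/local.arp) and the fw ctl arp output layout are assumptions, and both samples are constructed.

```sh
#!/bin/sh
# Added example: which manual proxy ARP entries are configured but not loaded?
# Assumed formats: local.arp has "<NAT IP> <MAC>" per line; `fw ctl arp`
# prints " (<IP>) at <MAC> interface <IP>". Both samples are constructed.
SAMPLE_LOCAL_ARP='# hide NAT addresses (constructed sample)
203.0.113.10 00:1c:7f:00:00:01
203.0.113.11 00:1c:7f:00:00:01'
SAMPLE_FW_CTL_ARP=' (203.0.113.10) at 00-1c-7f-00-00-01 interface 203.0.113.1'

# Read `fw ctl arp`-style text on stdin, print the proxied IPs one per line.
loaded_ips() {
    sed -n 's/^[^(]*(\([0-9.]*\)).*/\1/p'
}

# Read local.arp-style text on stdin, print the IPs, skipping blanks/comments.
configured_ips() {
    awk 'NF && $1 !~ /^#/ { print $1 }'
}

# hide_ip_loaded IP FW_CTL_ARP_TEXT: succeed if the gateway answers ARP for IP.
hide_ip_loaded() {
    printf '%s\n' "$2" | loaded_ips | grep -Fxq -- "$1"
}

# missing_proxy_arp LOCAL_ARP_TEXT FW_CTL_ARP_TEXT: print configured IPs that
# are absent from the kernel table; return 1 if any are missing.
missing_proxy_arp() {
    rc=0
    for ip in $(printf '%s\n' "$1" | configured_ips); do
        if ! hide_ip_loaded "$ip" "$2"; then
            echo "$ip"
            rc=1
        fi
    done
    return $rc
}

# Demo on the constructed samples. On a gateway the inputs would be
# "$(cat "$FWDIR/conf/local.arp")" and "$(fw ctl arp)".
if missing=$(missing_proxy_arp "$SAMPLE_LOCAL_ARP" "$SAMPLE_FW_CTL_ARP"); then
    echo "every configured proxy ARP entry is loaded"
else
    echo "configured but not loaded (check policy install / merge setting): $missing"
fi
```

An address listed as missing is one the gateway will not answer ARP for, which matches the "incomplete" entry seen on the perimeter router.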

This is a clustered setup and I enabled the manual proxy ARP already, and the firewall is also in the active state. What could be other reasons?

0 Kudos

Be sure that in global properties, under the NAT section, merge with local proxy ARP is flagged.

0 Kudos

As Tim Hall wrote: make sure to check that the NAT IP you use for the hide operation is shown when issuing the command "fw ctl arp".


Hi,

Capture data with fw monitor, where you will find whether the NAT operation is happening or not with i, I, o, O, and finally capture the data with tcpdump.

0 Kudos

Is the address space you're using associated with the external interface of your firewall?

0 Kudos