ganeshan_dharm1
Participant

NAT not working even after manual proxy arp enabled on R 77.30


Enabled hide NAT. Source is a group object (5 sub networks are members). When I capture the traffic on the perimeter router I don't see the response. I get "incomplete" for the sh ip arp command on the perimeter router.

Manual proxy enabled. Still the same issue.

0 Kudos
6 Replies
Timothy_Hall
Champion

If the hiding address does not show up in the output of command fw ctl arp you did not add the manual proxy ARP correctly; see sk30197.  If it does show up in the output of fw ctl arp make sure clustering is disabled under cpconfig (assuming of course it is just a single firewall and not part of a cluster).  If the firewall is part of a cluster, make sure it is in an active state with cphaprob stat.

--
My Book "Max Power: Check Point Firewall Performance Optimization"
Second Edition Coming Soon

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
ganeshan_dharm1
Participant

This is a clustered setup and I enabled the manual proxy ARP already, and the firewall is also in the active state. What could be other reasons?

0 Kudos
Marco_Valenti
Advisor

Be sure that in Global Properties, under the NAT section, "merge with local proxy arp" is flagged.

0 Kudos
Norbert_Bohusch
Advisor

As Tim Hall wrote: make sure to check that the NAT IP you use for the hide operation is shown when issuing the command "fw ctl arp".

Gaurav_Pandya
Advisor

Hi,

Capture data with fw monitor, where you will find whether the NAT operation is happening or not with i, I, o, O, and finally capture the data with tcpdump.

0 Kudos
Juan_Concepcion
Advisor

Is the address space you're using associated with the external interface of your firewall?

0 Kudos
