NAT not working even after manual proxy arp enable...

ganeshan_dharm1 · ‎2017-12-04

enabled hide nat . source is a group object ( 5 sub networks are members). when I capture the traffic on perimeter router I don't see the response. I get "incomplete" for the sh IP arp command on perimeter router.

Manual proxy enabled . still the same issue

Timothy_Hall · ‎2017-12-04

If the hiding address does not show up in the output of command fw ctl arp you did not add the manual proxy ARP correctly; see sk30197. If it does show up in the output of fw ctl arp make sure clustering is disabled under cpconfig (assuming of course it is just a single firewall and not part of a cluster). If the firewall is part of a cluster, make sure it is in an active state with cphaprob stat.

--
My Book "Max Power: Check Point Firewall Performance Optimization"
Second Edition Coming Soon

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com

ganeshan_dharm1 · ‎2017-12-04

This is cluttered setup and I enabled the manual proxy arp already.and the firewall also in the active state.What could be other reasons?

Marco_Valenti · ‎2017-12-05

be sure that in global properties under nat section merge with local proxy arp is flagged

Norbert_Bohusch · ‎2017-12-05

as Tim Hall wrote: make sure to check that the NAT IP you use for hide operation is shown when issueing the command "fw ctl arp"

Gaurav_Pandya · ‎2017-12-05

Hi,

Capture data with fw monitor where you will find the NAT operation is happening or not with i,I,o,O and finally capture the data with tcpdump.

Juan_Concepcion · ‎2017-12-05

Is the address space your using associated with the external interface of your firewall??

Are you a member of CheckMates?

NAT not working even after manual proxy arp enabled on R 77.30