This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Henry_Nouel
Explorer
‎2018-09-17 04:32 PM

Can't access host external address - possible ARP issue

Hi All, I'm trying to access a test laptop externally that is in a IDF switch -> core switch -> DMZ switch -> Check Point 4800.  All using VLAN 25.  from the gateway I can ping the internal DMZ address, but I cannot ping the external.  I ran "tcpdump -eni eth1 arp" and I see requests but no replies.

0 Kudos
1 Reply
Maarten_Sjouw
Champion
Champion
‎2018-09-17 11:22 PM

How did you setup the NAT, manual or Automatic (use the NAT tab in the object)?

When you type fw ctl arp do you see the external IP with the mac fir the external interface?

When the first answer is manual and the second is no, then you need to add a proxy arp with the following command:

add arp proxy ipv4-address 123.123.123.121 interface eth1 

or 

add arp proxy ipv4-address 123.123.123.121 macaddress 00:1c:7f:aa:bb:cc real-ip 123.123.123.123

Where 123.123.123.121 is the external address of the test laptop and eth1 is the external interface, in the second command the macaddress is the address of the external interface and 123.123.123.123 is the external IP of the gateway.

Regards, Maarten
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events