I have a Checkpoint Firewall sitting behind a router; the ISP terminates on the router. Internet users can't get to the webserver in the DMZ. Can anyone help me with the adjustment I have to make to the NAT rule on the Checkpoint?
Or maybe there is something else I could do apart from the NAT that can make it work.
Note: Before the introduction of the router, the ISP terminated on the Checkpoint Firewall and everything was working perfectly well. Internet users were accessing the webserver in the DMZ. But after the introduction of the router, they can't access it any more. PLEASE HELP
Did you use manual NAT rules, or did you add the NAT IP in the object of the Webserver? If you do the latter, there will be an automatic Proxy ARP entry that will take care of that.
When using Manual NAT you need to make sure to add a Proxy ARP entry in clish:
add arp proxy ipv4-address 184.108.40.206 macaddress 00:1c:7f:33:22:11 real-ip 220.127.116.11
18.104.22.168 is the NAT address for the Webserver, 00:1c:7f:33:22:11 is the MAC address of the Internet interface, and 22.214.171.124 is the Internet-facing IP of the FW. Now first push policy.
After the push you can check the availability of the Proxy ARP with:
fw ctl arp