Difference between revisions of "Setting Proxy ARP entries for Manual NATs"
From Tech-Wiki
(Created page with "Category:Check Point If your recently created manual NAT is not working, maybe you need to create manually proxy ARP entries. To do so, edit the file $FWDIR/conf/local.ar...") |
|||
(4 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
[[Category:Check Point]] | [[Category:Check Point]] | ||
+ | '''[[Check Point#Gaia|Back to Gaia]]''' | ||
+ | |||
If your recently created manual NAT is not working, maybe you need to create manually proxy ARP entries. | If your recently created manual NAT is not working, maybe you need to create manually proxy ARP entries. | ||
To do so, edit the file $FWDIR/conf/local.arp (or in VSX environments $FWDIR/CTX/CTX000<VSID>/conf/local.arp) | To do so, edit the file $FWDIR/conf/local.arp (or in VSX environments $FWDIR/CTX/CTX000<VSID>/conf/local.arp) | ||
− | The | + | The new line should look like this one below, where the MAC address should be the virtual MAC used by the security gateway on the incoming interface: |
192.168.10.100 00:1C:7F:82:01:FE | 192.168.10.100 00:1C:7F:82:01:FE | ||
+ | |||
+ | After applying the policy, validate using: | ||
+ | |||
+ | fw ctl arp | ||
+ | |||
+ | The Equivalent of that using Gaia would be: | ||
+ | |||
+ | add arp proxy ipv4-address 192.168.10.100 interface eth0 | ||
+ | |||
+ | And check with: | ||
+ | |||
+ | show arp proxy all |
Latest revision as of 21:54, 9 August 2016
If your recently created manual NAT is not working, maybe you need to create manually proxy ARP entries.
To do so, edit the file $FWDIR/conf/local.arp (or in VSX environments $FWDIR/CTX/CTX000<VSID>/conf/local.arp)
The new line should look like this one below, where the MAC address should be the virtual MAC used by the security gateway on the incoming interface:
192.168.10.100 00:1C:7F:82:01:FE
After applying the policy, validate using:
fw ctl arp
The Equivalent of that using Gaia would be:
add arp proxy ipv4-address 192.168.10.100 interface eth0
And check with:
show arp proxy all