NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] I hate local.arp



Okay, so I see now why local.arp is such a bummer.

#1 - It does not work correctly.
#2 - see #1.

Per postings over the last couple weeks (I've saved them all) and Checkpoint
docs, I have tried to create the local.arp using nearly all permutations of
space vs. tab between IP and MAC, dashes or colons in MAC, WordPad, Notepad,
or DOS EDIT as editor, etc., all with no luck.  My static route in NT is
there.  I've created a workstation object with the internal IP address, and
(per Checkpoint documentation), added an automatic static translation rule
to the object using the NAT tab (I also tried creating the NAT rule
manually).  I have stopped and started the firewall numerous times during
these, both from the command line and the Services control panel.  I've
rebooted ad nauseum.

The symptom is always the same - when trying to connect to the internal Web
server via the NAT, the browser IMMEDIATELY returns a "page cannot be
displayed" error.  This happens from various locations with different
browsers.  I see the packet accepted in the log, along with the correct
translation information.  If I PING the ARPed address from another machine
on the same segment as the outside of the firewall, a correct IP/MAC pair
appears in the ARP table on the machine, put the PING times out.  I can PING
the "real" address of the outside of the firewall without issues.

Why is this so hard?  Someone please point out my stupidity and improve my
quality of life by providing the magic answer.  "Obvious" suggestions are
more than welcome.

Thank you very very very very much.

Dan Hitchcock
CCNA, MCSE
Network Engineer
Xylo, Inc. (formerly employeesavings.com)The work/life solution for corporate thought leaders



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents � 2003 Network Presence, LLC. All rights reserved.