RE: [FW1] CP2000 on Win2k / SP3 / local.arp

["Palmer, Kevin" <KPalmer@FW1-NOSPAMgsite.com>]

Arno,

 

I just finished reading the release notes for FW-1 v4.1 SP3. The following is from the "Limitations" section.

 

3 The local.arp file mechanism for ARP publishing does not
work on Windows 2000 which prevents the static destination
NAT from working. The current workaround is to add a static
route to direct the NATted traffic to the VPN-1/FireWall-1
gateway.

I am assuming that CheckPoint wants users to add a static route to the Internet access router. The workaround is alright if you have access to the router in front of your firewall. Most of my customers do not have the ability to make or request changes to their access routers. Until this issue is resolved I won't be deploying CP2000 on W2K.

Kevin Palmer
Network Engineer - MCSE+I, CCSE
Granite Solutions, Inc.
P:
P:
F:
http://www.gsite.com

-----Original Message-----
From: Arno Hechenberger [mailto:arno@citydata.at]
Sent: Monday, December 18, 2000 3:36 PM
To: 'Jon Vandiveer'; FW-1 Mailing List (E-Mail)
Subject: AW: [FW1] CP2000 on Win2k
Importance: High

HI !!!

 

I've just installed FW-1 on Win2000. It works fine and about 20% faster than WinNT40 on the same hardware.

 

... but the FW-1 kernel is ignoring my local.arp for the static and hide NAT functions !!!!

 

How to solve this problem ???

 

 

-----Ursprüngliche Nachricht-----
Von: owner-fw-1-mailinglist@lists.us.checkpoint.com [mailto:owner-fw-1-mailinglist@lists.us.checkpoint.com]Im Auftrag von Jon Vandiveer
Gesendet: Donnerstag, 23. November 2000 18:37
An: EDAVIDSON@PRIMEINC.COM
Cc: fw-1-mailinglist@lists.us.checkpoint.com
Betreff: [FW1] CP2000 on Win2k

It works, use the setup.exe

 

there are some limitations though (local.arp) does not work and you have to turn on IP forwarding..... this is done with a reg hack to win2k

 

CP will support you on this

 

Jon