[FW1] Checkpoint dilemma (Route && ARP)
Any comment would be welcome, as I don't want to use my intuition and change 500+ machines in one shot to get it wrong.

I created internal and external objects for each server I needed. Now, in order for NAT to work as such:

    server1.internal (VPN addr), server1.external (static addr)

I understand I have to assign both the route and ARP entries on the firewall machine. Now my question is, just to be 100% sure:

    firewall.server.foo            23.45.67.1   aa:aa:aa:aa:aa:aa
    server1.internal.server.foo    10.10.1.5    bb:bb:bb:bb:bb:bb
    server1.external.server.foo    23.45.67.9   cc:cc:cc:cc:cc:cc

So when I add the static ARP entries for each external, should I use the arp entry for the firewall?

    arp -s 23.45.67.9 aa:aa:aa:aa:aa:aa    which is serv1.external's address with the firewall's MAC info
    route add 23.45.67.9 23.45.67.1 pub    the external's

Or is this wrong and it should be:

    arp -s 23.45.67.9 cc:cc:cc:cc:cc    (machine to its own arp info)
    route add 23.45.67.9 23.45.67.1 pub

I'm a bit confused since I'm thinking about my load balancing and the way the addressing is set. If server1.internal was to go down and backup.server1 takes over, or if I have to quickly fix something, then I would have to statically assign the ARP and routes again, wouldn't I?