[FW1] limitations with NAT on Windows 2000 and FW1 SP3

["Moore, Scott" <scott.moore@FW1-NOSPAMpeopleclick.com>]

All,

Below are the instructions I received for how to setup Static NAT on a
Windows 2000 FW1 box.

I found there seems to be a limitation for how many arp proxies can be
cached.  I have a batch file that runs fwparp 17 times for 17 different
address and it consistenly bombs on the last one and gives me an NT
error (1450- Insufficient system resources exist to complete the
requested service.) 

Has anyone seen anything like this? 

thanks,

Please follow these set of actions:
1) Disable the "routing and Remote Access" (To access this service
please
go to: start -> programs -> Administrative Tools -> Routing and Remote
Access -> right click the
server and press disable)
2) Reboot the machine
3) Open the registry from command line by running the command "regedit"
4) Go to ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentContralSet\Services\Tcpip\Parameters
5) Change the value to "1" in the Dword key "IPEnableRouter"
6) Restart  the machine
7) Now you can run the 'fwparp.exe' utility as follow: 'fwparp static_ip
external_fw-1_ip'
8) Start the FireWall-1 machine (fwstart)
9) Install the policy.

(Note: On step #7 static_ip is the ip address that you are going to
be using.  External_fw-1_ip is the firewalls external ip address)

(Note that you have to run the 'fwparp.exe' after every Reboot)


Scott Moore, MCSE, MCT, MCP+I, CCA
Senior Systems Engineer
Engineering
scottmoore@peopleclick.com



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================