[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] NAT of static model in cluster

To: [email protected]
Subject: [FW-1] NAT of static model in cluster
From: Guangcheng Wen <[email protected]>
Date: Fri, 27 Sep 2002 10:28:59 +0900
In-Reply-To: <009601c26570$f6b2ca10$640110ac@cc247073d>
References: <198ECD219A2BD5119E2B00508B5EE9D205D0CC6A@nbnuchmail2.nesbittburns.ca> <[email protected]> <009601c26570$f6b2ca10$640110ac@cc247073d>
Reply-To: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Hello,
Thanks a lot.
My platform is Solaris8 and FW-1 is NG FP2.

wosterman1> The most likely cause is the arp settings.  You need to create a proxy or
wosterman1> published arp for the static NAT.

Sorry,I am new to FW-1. Would you please tell me howto do it?

I have heard that there are problems with
wosterman1> the automatic arp creation in NG so be careful.  If you do it manually it is
wosterman1> platform dependent.

In the Global Properties of Policy Editor,
Allow bi-directional NAT, Translate destination on client side
and Automatic ARP configuration are checked in NAT sub-manual.
is it not enough?

Best regards,

--Wen

wosterman1> ----- Original Message -----
wosterman1> From: "Guangcheng Wen" <[email protected]>
wosterman1>
wosterman1> > Hello,
wosterman1> > Thanks so much for your information.
wosterman1> > Yes, just as your said, Cluster HA even Cluster XL works under eval key.
wosterman1> > But I have a problem with NAT(static model). I have made a Nodes object
wosterman1> > for a Web server on internal LAN.
wosterman1> > IP Address: 192.168.2.63
wosterman1> > "Add Automatic Address Translation rules" is checked.
wosterman1> > Translation method: static
wosterman1> > Network IP Address: 200.240.2.4(FW Cluster's VIP)
wosterman1> > Install on Gateway: Cluster object
wosterman1> > When I access from 192.168.2.63 to a Web server outside is OK,
wosterman1> > and the source IP is converted to 200.168.2.63. But when I access
wosterman1> > the inetrnal Web server(192.168.2.63) by http://200.240.2.4/,
wosterman1> > it failed.
wosterman1> > If the Network IP Address is set to one of FW real IP, it wokes.
wosterman1> > Any idea? Thanks a lot.

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Follow-Ups:
- Re: [FW-1] NAT of static model in cluster
  - From: Xena Warrior <[email protected]>

References:
- Re: [FW-1] License about High Availability
  - From: "Washco, Marc" <[email protected]>
- Re: [FW-1] License about High Availability
  - From: Guangcheng Wen <[email protected]>
- Re: [FW-1] License about High Availability
  - From: Bill <[email protected]>

Prev by Date: [FW-1] rule 0 drops for unknown established tcp packet
Next by Date: Re: [FW-1] Upgrading license - still sticking with 4.1 FW-1/VPN-1, reconfig?
Prev by thread: Re: [FW-1] License about High Availability
Next by thread: Re: [FW-1] NAT of static model in cluster
Index(es):
- Date
- Thread