[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Problem with arp -s in NG firewall on Windows 2000 ser ver



Under NG Fp2, you can place you local.arp file in the conf directory, not the state directory as you did in 4.1 NG FP3 which should have been released this last week (or maybe next week) allows the automatic nat to function properly, thus eliminating the need for the local.arp file. If you are going to use the local.arp method, be sure that you turn off the automatic arp feature in the policy editor.

Frank


-----Original Message-----
From: Barry-Roel Reyes [mailto:[email protected]]
Sent: Friday, September 27, 2002 1:19 PM
To: [email protected]
Subject: Re: [FW-1] Problem with arp -s in NG firewall on Windows 2000 ser ver

Currently, I'm looking to move from a single gateway to High Availability with Load Sharing using ClusterXL.  It appears I'm having an issue with ARP and Proxy ARP.  Has anyone gotten this to work with Win2K SP2 and NG FP2??

Is there a similar utility like fwparp.exe that will work for the virtual IP address created in my cluster?

-----Original Message-----
From: Matthias Leu [mailto:[email protected]]
Sent: Friday, September 27, 2002 10:25 AM
To: [email protected]
Subject: Re: [FW-1] Problem with arp -s in NG firewall on Windows 2000 ser ver

Hi,
using NAT with Windows 2000 Server has a known issue. The proxy-ARP
using local.arp doesn't work with Win2k but with NT when using manual
NAT. See also http://www.fw-1.de/aerasec/ng/manualNAT-MS.html
When using the tool fwparp.exe, it works fine. You find the tool at
http://support.checkpoint.com/kb/docs/public/firewall1/4_1/zip/fwparp.zip
Hope it helps,
best regards,
Matthias
http://www.fw-1.de


Trent Libby wrote:
> I had similar problems on my Win2K server.  I had to add the external IP of
> my internal server to the external NIC through advanced properties.  I read
> that this sometimes helps from http://www.deathstar.ch/security/fw1/. But I
> cannot remember the exact FAQ.  It worked though so you may try it.  Might
> want to double check all your rules to allow the traffic in also.
>
> Trent Libby
>


--
AERAsec Network Services and Security GmbH
Wagenberger Stra�e 1
D-85662 Hohenbrunn, Germany
http://www.aerasec.de

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================