NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] static NAT does not work on FP3

  • To: [email protected]
  • Subject: Re: [FW-1] static NAT does not work on FP3
  • From: Security <[email protected]>
  • Date: Thu, 6 Feb 2003 09:18:51 +0100
  • Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
  • Sender: Mailing list for discussion of Firewall-1 <[email protected]>
  • Thread-index: AcLNVhS1qzaJbIHfSp+9+J71kRlGJgAYB8Ug
  • Thread-topic: [FW-1] static NAT does not work on FP3
Hi,

If you check the "automatic arp configuration" the Firewall will only do
the arp if you use the nat option in your objects. If you don't have
that, it will not bother to look at your local.arp even if you have
entries in it.
So, what I found is that you have two options:
-Go with automatic arp, and use the nat settings in the objects you want
to nat.
(making double nat lines for inbound/outbound, routing handled by the fw
daemon)
-Go with the traditional method.
(manual local.arp, manual update routing table)

Personally, I still fancy the old way, but it looks like cp is pushing
towards the automatic settings....sad but true...

Jeroen.


-----Oorspronkelijk bericht-----
Van: John Swensson [mailto:[email protected]]
Verzonden: woensdag 5 februari 2003 19:37
Aan: [email protected]
Onderwerp: Re: [FW-1] static NAT does not work on FP3


I've found it better to go without automatic arp. I'm running Nokia's
3.6

NG FP3 HP1


-john

-----Original Message-----
From: Hal Dorsman [mailto:[email protected]]
Sent: Wednesday, February 05, 2003 7:35 AM
To: [email protected]
Subject: Re: [FW-1] static NAT does not work on FP3


I am dealing with the same issue on Solaris.  Seems to
be a bug (undocumented feature).  Anyone?

Hal

Hal Dorsman
Network Administrator
Rocky Mountain Elk Foundation
Missoula, Montana USA
[email protected]> -----Original Message-----
> From: Thomas Borger [mailto:[email protected]]
> Sent: Wednesday, February 05, 2003 4:49 AM
> To: [email protected]
> Subject: [FW-1] static NAT does not work on FP3
>
>
> Hi,
>
> OS=Nt4.0 SP6
> Firewall1-Version=NG FP3
>
> The problem is static NAT works only in the old mode. (additional
> routes, local.arp etc)
>
> If I use:  Policy ---> Global Properties ---> NAT "Automatic ARP
> configuration"
> and        Policy ---> Global Properties ---> NAT "TRanslate
> destination on
> client side"
>
> static NAT does not work.
> I`ve controlled the firewall arp table with: "fw ctl arp"
> issue: No proxy
> arp entries
>
> With a sniffer on the appropriate interface I see that the firewall
> always
> ask:
> who has ..xxx.xxx but the firewall should know it with his
> configuration.
>
> any hints?
>
> Thomas
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
>

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================


 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.