[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] static NAT does not work on FP3
Hi, If you check the "automatic arp configuration" the Firewall will only do the arp if you use the nat option in your objects. If you don't have that, it will not bother to look at your local.arp even if you have entries in it. So, what I found is that you have two options: -Go with automatic arp, and use the nat settings in the objects you want to nat. (making double nat lines for inbound/outbound, routing handled by the fw daemon) -Go with the traditional method. (manual local.arp, manual update routing table) Personally, I still fancy the old way, but it looks like cp is pushing towards the automatic settings....sad but true... Jeroen. -----Oorspronkelijk bericht----- Van: John Swensson [mailto:[email protected]] Verzonden: woensdag 5 februari 2003 19:37 Aan: [email protected] Onderwerp: Re: [FW-1] static NAT does not work on FP3 I've found it better to go without automatic arp. I'm running Nokia's 3.6 NG FP3 HP1 -john -----Original Message----- From: Hal Dorsman [mailto:[email protected]] Sent: Wednesday, February 05, 2003 7:35 AM To: [email protected] Subject: Re: [FW-1] static NAT does not work on FP3 I am dealing with the same issue on Solaris. Seems to be a bug (undocumented feature). Anyone? Hal Hal Dorsman Network Administrator Rocky Mountain Elk Foundation Missoula, Montana USA [email protected]> -----Original Message----- > From: Thomas Borger [mailto:[email protected]] > Sent: Wednesday, February 05, 2003 4:49 AM > To: [email protected] > Subject: [FW-1] static NAT does not work on FP3 > > > Hi, > > OS=Nt4.0 SP6 > Firewall1-Version=NG FP3 > > The problem is static NAT works only in the old mode. (additional > routes, local.arp etc) > > If I use: Policy ---> Global Properties ---> NAT "Automatic ARP > configuration" > and Policy ---> Global Properties ---> NAT "TRanslate > destination on > client side" > > static NAT does not work. > I`ve controlled the firewall arp table with: "fw ctl arp" > issue: No proxy > arp entries > > With a sniffer on the appropriate interface I see that the firewall > always > ask: > who has ..xxx.xxx but the firewall should know it with his > configuration. > > any hints? > > Thomas > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= > ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|