Automatic and Proxy ARP
Giving a computer on the internal network an IP address from an external network using NAT makes that computer appear on the external network. When NAT on the Security Gateway
Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. is configured automatically, the Security Gateway replies on behalf of translated network objects to ARP Requests that are sent from the external network for the IP address of the internal computer.
|
Item |
Description |
|---|---|
|
1 |
Computer on the internal network with IP address 10.1.1.3 |
|
2 |
Security Gateway with external interface IP address 192.168.0.2 responds to ARP Requests on behalf of translated internal objects |
|
3 |
Translated IP Address 192.168.0.3 on the external network |
|
4 |
External network |
If you are using manual NAT rules, you must configure Proxy ARP entries to associate the translated IP address with the MAC address of the Security Gateway interface that is on the same network as the translated IP addresses.
See sk30197 for more information about configuring:
-
Proxy ARP for IPv4 Manual NAT.
-
Proxy ARP for Scalable Platforms.
Proxy ARP entries are not generated automatically for CGNAT translated Address Ranges. To resolve this issue, configure the Proxy ARP entries manually. Refer to sk30197.
See sk91905 for more about configuring Proxy NDP for IPv6 Manual NAT.