Hello,

You can use NAT in 2 ways with CheckPoint to publish services and it is NOT
necessary for the public IPs used for that matter, to be assigned to the
cluster itself.

1) Automatic NAT: Just create an object representing the internal server you
want to publish (with its private IP) and in the NAT tab of the object,
enable STATIC and type the public IP you want to use to publish this server.
Install the policy and Check Point will make sure to add the necessary
changes to do proxy arp.

2) Manual NAT: This scenario will be required if you need to do port
redirection because you must use the same public IP for more than one
service due to lack of enough public IPs (scenario described above works on
a one-by-one basis only). Here you need to go to the NAT tab of your Smart
Dashboard and manually create the required NAT rules, but the deal here is
proxy arp won't work automatically. To make that work, you must edit
$FWDIR/conf/local.arp (usually it won't be there by default and you must
create it). The contents of such file is just a list of IPs and corresponding
MAC Addresses separated by a space, one per line. Documentation says you must
restart a gateway after editing that file, but I have come to realize a
simple policy installation makes the changes take effect.

I hope this info will help.

Regards

On Thu, Feb 19, 2009 at 4:01 AM, carlopmart <[email protected]> wrote:

> Hi all,
>
>  I have recently installed two CheckPoint NGX R65 HFA40 nodes under RHEL3
> ES with ClusterXL in HA mode (new HA mode only, without load sharing). I
> have 6 public ips assigned like this:
>
> .1 = Router
> .2 = checkPoint node1
> .3 = checkPoint node2
> .4 = clusterxl ip
> .5 = free
> .6 = free
>
>  My problem is: how can I assign .5 and .6 IPs to this cluster and use them
> to publish some public services as web servers??
>
>  Using proxy arp?? but how??
>
>  Many thanks for your help.
> --
> CL Martinez
> carlopmart {at} gmail {d0t} com
>
> Scanned by Check Point Total Security Gateway.
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
>



-- 
Sergio Alvarez
+(506)88301342
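
A sanity check for the `$FWDIR/conf/local.arp` file described in point 2 of the reply, as an added example that is not part of the original message or of Check Point's tooling. It checks only the "IP MAC, one per line" format the message describes; the function name `check_local_arp`, the documentation-range IPs and the MAC are constructed for illustration.

```shell
#!/bin/bash
# check_local_arp FILE [IP...]
# Prints one line per problem; returns 0 only when every line is "IP MAC"
# and every IP named on the command line has an entry.
check_local_arp() {
    local file=$1; shift
    awk -v want="$*" '
        function valid_ip(s,    p, i) {
            if (split(s, p, ".") != 4) return 0
            for (i = 1; i <= 4; i++)
                if (p[i] !~ /^[0-9]+$/ || p[i] + 0 > 255) return 0
            return 1
        }
        function valid_mac(s,    p, i) {
            if (split(tolower(s), p, ":") != 6) return 0
            for (i = 1; i <= 6; i++)
                if (p[i] !~ /^[0-9a-f][0-9a-f]$/) return 0
            return 1
        }
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) need[w[i]] = 1 }
        /^[ \t]*$/ { next }     # this checker skips blank lines
        NF != 2 { printf "line %d: expected \"IP MAC\"\n", NR; bad++; next }
        {
            if (!valid_ip($1))  { printf "line %d: bad IP %s\n", NR, $1; bad++ }
            if (!valid_mac($2)) { printf "line %d: bad MAC %s\n", NR, $2; bad++ }
            if ($1 in seen)     { printf "line %d: duplicate entry for %s\n", NR, $1; bad++ }
            seen[$1] = 1
        }
        END {
            for (ip in need)
                if (!(ip in seen)) { printf "missing entry for %s\n", ip; bad++ }
            exit (bad > 0)
        }
    ' "$file"
}

# Constructed sample: documentation-range IPs and a made-up MAC.
sample=$(mktemp)
printf '%s\n' '203.0.113.5 00:1c:7f:00:00:01' \
              '203.0.113.6 00:1c:7f:00:00:01' > "$sample"
check_local_arp "$sample" 203.0.113.5 203.0.113.6 && echo "local.arp format OK"
rm -f "$sample"
```

Run it against the real file with the public IPs used in the manual NAT rules as arguments; a "missing entry" line means a published IP has no proxy ARP entry, and a "duplicate entry" line means one IP is listed twice.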
