Jay,
> I have a basic query on Firewall NAT.When I configure my
> checkpoint firewall to do static NAT I have to configure the
> firewall to accept packets in a arp proxying mode.And I am
> asked to put a route to the particular public IP saying that
> to go to the particuar NATed public IP go to the private IP
> in the LAN.
The thing to remember here is the order in which checkpoint handles NAT and routing. Routing is handled *before* NAT. THat is why you have to add the ARP and static route entries.
The packet is picked up by FW-1 because of the arp entry and it is then routed to the correct interface/gateway. When the packet leaves the firewall, the header is modified to do the actual NAt.
Regards,
Frank
