The most likely cause is the arp settings. You need to create a proxy or published arp for the static NAT. I have heard that there are problems with the automatic arp creation in NG so be careful. If you do it manually it is platform dependent.
----- Original Message ----- From: "Guangcheng Wen" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, September 26, 2002 7:11 AM Subject: Re: [FW-1] License about High Availability > Hello, > Thanks so much for your information. > Yes, just as your said, Cluster HA even Cluster XL works under eval key. > But I have a problem with NAT(static model). I have made a Nodes object > for a Web server on internal LAN. > IP Address: 192.168.2.63 > "Add Automatic Address Translation rules" is checked. > Translation method: static > Network IP Address: 200.240.2.4(FW Cluster's VIP) > Install on Gateway: Cluster object > When I access from 192.168.2.63 to a Web server outside is OK, > and the source IP is converted to 200.168.2.63. But when I access > the inetrnal Web server(192.168.2.63) by http://200.240.2.4/, > it failed. > If the Network IP Address is set to one of FW real IP, it wokes. > Any idea? Thanks a lot. > > Marc.Washco> If you are using an eval key, everything should work fine. > Marc.Washco> > Marc.Washco> We used eval keys to evaluate the Cluster XL, and went into production last > Marc.Washco> evening with purchased licenses. When you get a purchased license, you need > Marc.Washco> a separate license for clsuter XL. > Marc.Washco> > Marc.Washco> The Gateway cluster should be working with an eval license. > Marc.Washco> > Marc.Washco> Regards, > Marc.Washco> > Marc.Washco> Marc > > Guy.Roelandts> With the EVAL licenses you should be able to build your cluster, but within > Guy.Roelandts> the next 30 days you'll have to install the final licenses then the trouble > Guy.Roelandts> will begin. > Guy.Roelandts> > Guy.Roelandts> For HA, you need indeed another license, but what license are you thinking off > Guy.Roelandts> if not using ClusterXL ?? The VPN-1 Pro High Availability Bundles includes 2 VPN-1 > Guy.Roelandts> licenses but the Cluster XL license needs to be purchased separately, or you > Guy.Roelandts> could use an OPSec product like RainWall, StoneBeat ... > > After tring ClusterXL I am going to try StoneBeat. > > Best regards, > > --Wen > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
