I had a lot of problems myself with FW-1 NG on a Win2K SP3 server. I did not have the problems you had, though. From what Checkpoint told me, the local.arp file belongs in the lib directory. The local.arp did not help me with my problems with arp, so I had to use the fwparp.exe command.

Also, is your static route for the static NAT configured properly?

Trent Libby

-----Original Message-----
From: Ian Collins [mailto:ian@;KIWIPLAN.CO.NZ]
Sent: Tuesday, October 22, 2002 8:07 PM
To: [EMAIL PROTECTED]
Subject: [FW-1] Problems with NAT, ARP and NG SP2 on windows 2000 and duplicate ip addresses

Please help. I am having a problem with NAT and NG (SP2).

Synopsis: My problem ONLY happens on internal machines with static NAT rules in the firewall. When these machines boot, they can't start their network, and we see the ARP table MAC address for that machine (from other machines) show the MAC address of the firewall interface.

An example will make the above mess simpler....

First some salient points:

1. My firewall server is Windows 2000 running NG SP2.
2. We are upgrading from NT4 running FW1 4.1 (to NG SP2) (we installed NG onto a new box, just in case we had to go back to the 4.1).
3. The problems I am seeing only happened with machines that have static NAT rules in the firewall.
4. Every machine in our internal network has the above firewall as its default gateway.
5. Because of the problems, we have put the 4.1 machine back in.

The problem: We have a machine (call it 192.168.240.1) in our internal network that is accessible by our overseas offices, so we set up a FW1 static NAT rule as follows ...

    Any...external_address...Any -> original...192.168.240.1...Any
    192.168.240.1...Any...Any -> external_address....original...Any

and we have a static route set in windows. (This worked fine in FW1 4.1.) Fairly standard stuff.

When I started the NG SP2 firewall (first disabling the 4.1 machine), everything ran fine for a couple of hours until we had to reboot the 192.168.240.1 machine for some reason. When it came up, it complained about a duplicate IP address (i.e. 192.168.240.1 was already in use).

We knew this wasn't true, and when I pinged the address (192.168.240.1) from another machine (192.168.240.2), the arp table on that machine gave me the MAC address for one of the interfaces on the FIREWALL. The only way we could get the 192.168.240.1 machine back up was to disable the NG service on the firewall (not really much of a solution). Just deleting the static NAT rules didn't help - which makes me think it is more than just NAT causing the problem.

I have perused mailing lists and knowledge bases, but can't find this problem anywhere.

My questions:

0. Has anyone else seen this?
1. Is this because we are using static NAT? (It's a bit difficult to experiment with stopping the company.)
2. Is this a local.arp problem? (We had to have a local.arp on our 4.1 firewall.) There have been various suggestions about using a local.arp in the postings. (And if so, where is local.arp meant to live - in the conf or state folder?)
3. Would it be worth trying Windows 2000 SP3 (again, there have been various postings about a bug in Windows 2000) - and something about FWPARP.

I look forward to any replies,

Regards,
Ian Collins.
=================================================
To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [EMAIL PROTECTED]
=================================================
