Hello,

I'm a little confused over how FW-1 works. It works fine to set up a
static NAT on the internet interface to a server on LAN, but does not
work when I try to use the DMZ interface.

What I did:

1. New proxy ARP IP on the DMZ if.
2. Static route to the server on LAN
3. Correct access rule in the policy
4. Added the DMZ proxy ARP IP as valid in anti-spoofing on LAN if.

According to the log everything looks fine. Hits on the correct rule
and allowed access. But not even ping works.

The platform is Nokia IPSO and FW-1 4.1 SP5.

The reason I'm trying to use the DMZ if to publish a server on LAN to
the Internet is practical: we have a lot of unused IP addresses on the DMZ
net. Maybe this is impossible due to the way FW-1 works?

Regards,
--
Timo T. Rajala
