For HA mode you need to publish proxy arps using the "virtual" mac
address which is:
00:00:5E:00:01:xx where xx is the virtual router ID of the relevant
interface in hex format.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
Jerald Josephs
Sent: Saturday, June 10, 2000 12:56
To: Andy Haigh; 'Firewall-1 Mailinglist (E-mail)'
Subject: Re: [FW1] Nokia Firewalls
The FireWall-1 implementation of NAT is the same, regardless of
the platform.
You might have to publish a proxy ARP, which you should do from
within Network Voyager, because the proxy ARP definition will be saved
and configured through reboots. Executing the arp -s <---> pub command
from the CLI works, but it is not part of the IPSO configuration set.
However, you may also use VRRP to support NAT, should you have two
or more Nokia's in an HA configuration. If you choose to use VRRP in
order
to bring into existence each-and-every unused external IP address you
wish
to statically translate to a unique, internal IP address, then you will
not
need
to publish a proxy ARP for each external IP address. The master of the
VRRP
VRID numbers will handle the network connections and should it fail for
any
reason, the backup platform will begin to handle these connections as it
would
any other packet that is forwarded to the virtual router.
Therefore, you can use VRRP to support a virtual router and you can use
VRRP to support Static NAT and Dynamic NAT that is also using an unused
external IP address. This is what I do for each configuration I set up.
----- Original Message -----
From: "Andy Haigh" <[EMAIL PROTECTED]>
To: "'Firewall-1 Mailinglist (E-mail)'"
<[EMAIL PROTECTED]>
Sent: Thursday, June 08, 2000 6:27 PM
Subject: [FW1] Nokia Firewalls
>
> Does anyone know of a site with a how-to for NAT on Nokia firewalls. I
know
> it's bit different to setting them up in unix, but don't know the
exact
> differences.
>
> Thanks
>
> Andy Haigh
>
>
>
>
========================================================================
====
====
> To unsubscribe from this mailing list, please see the
instructions at
> http://www.checkpoint.com/services/mailing.html
>
========================================================================
====
====
========================================================================
========
To unsubscribe from this mailing list, please see the instructions
at
http://www.checkpoint.com/services/mailing.html
========================================================================
========
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
