The Limitations section of the FW-1/VPN-1 v4.1sp3 release notes states 
"The local.arp file mechanism for ARP publishing does not work on Windows 2000 which 
prevents the static destination NAT from working. The current workaround is to add a 
static route to direct the NATted traffic to the VPN-1/FireWall-1 gateway."  
In other words, FW-1 doesn't currently support proxy ARP on Windows 2000.  I'm sure 
that this is a serious consideration when thinking about upgrading to Windows 2000 for 
many current NT 4.0 FW-1 users.

After doing some research looking for an alternative proxy ARP solution I discovered 
that Windows 2000 has new CreateProxyArpEntry and DeleteProxyArpEntry functions for 
managing proxy ARP entries programmatically 
(http://msdn.microsoft.com/library/psdk/rras/ipover_6q7g.htm) but I have not found any 
utilities that take advantage of this and don't have the means to create such myself.  
Assuming the new functions work, it seems that this built-in support for proxy ARP 
management should make it easier for Checkpoint on Windows 2000 than on NT 4.0 which 
didn't have them.  In the absence of local.arp support or an enhanced ARP utility from 
Checkpoint, does anyone know of a utility that can manage Windows 2000 proxy ARP?  If 
nothing exists to do this, maybe someone would like to build such a utility and make 
it available to FW-1 administrators.
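
A sketch of the kind of utility the post asks for, added here as an example (it is not part of the original message and is not Check Point code). It calls the CreateProxyArpEntry and DeleteProxyArpEntry functions from the IP Helper library (iphlpapi); the command name `proxyarp`, its argument layout, and the helpers `parse_ipv4` and `mask_is_contiguous` are assumptions made for illustration.

```c
/* proxyarp.c: added example, helper names are illustrative. Windows build: cl proxyarp.c iphlpapi.lib */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#ifdef _WIN32
#include <windows.h>
#include <iphlpapi.h>
#endif
/* Dotted quad -> 32-bit value in network byte order (what inet_addr returns
   and what the IP Helper calls take). Returns 0 on success, -1 on bad input. */
int parse_ipv4(const char *s, uint32_t *out) {
    unsigned char b[4];
    for (int i = 0; i < 4; i++) {
        char *end;
        if (*s < '0' || *s > '9') return -1;          /* no sign, space or empty octet */
        unsigned long v = strtoul(s, &end, 10);
        if (v > 255 || end - s > 3) return -1;
        if (*end != (i < 3 ? '.' : '\0')) return -1;  /* exactly four octets */
        b[i] = (unsigned char)v;
        s = end + (i < 3);
    }
    memcpy(out, b, 4);
    return 0;
}
/* Reject masks such as 255.0.255.0 before they reach the ARP table. */
int mask_is_contiguous(uint32_t net) {
    unsigned char b[4];
    memcpy(b, &net, 4);
    uint32_t inv = ~(((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) | ((uint32_t)b[2] << 8) | b[3]);
    return (inv & (inv + 1)) == 0;
}
int main(int argc, char **argv) {
    uint32_t addr = 0, mask = 0;
    if (argc != 5 || (strcmp(argv[1], "add") && strcmp(argv[1], "del")) ||
        parse_ipv4(argv[2], &addr) || parse_ipv4(argv[3], &mask) || !mask_is_contiguous(mask)) {
        fprintf(stderr, "usage: proxyarp add|del <ip> <mask> <ifIndex>\n");
        return 2;
    }
#ifdef _WIN32
    DWORD ifidx = strtoul(argv[4], NULL, 10);  /* interface index, e.g. from GetAdaptersInfo */
    DWORD rc = argv[1][0] == 'a' ? CreateProxyArpEntry(addr, mask, ifidx)
                                 : DeleteProxyArpEntry(addr, mask, ifidx);
    if (rc != NO_ERROR) { fprintf(stderr, "%s failed: error %lu\n", argv[1], rc); return 1; }
    return 0;
#else
    fprintf(stderr, "The IP Helper API is only available on Windows\n"); return 1;
#endif
}
```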


