Any comment would be welcome, as I don't want to use my intuition and change
500+ machines in one shot only to get it wrong.
I created internal and external objects for each server I needed.
Now, in order for NAT to work as such: server1.internal (VPN addr),
server1.external (static addr), I understand I have to assign both
the route and ARP entries on the firewall machine.
Now my question, just to be 100% sure:
firewall.server.foo 23.45.67.1 aa:aa:aa:aa:aa:aa
server1.internal.server.foo 10.10.1.5 bb:bb:bb:bb:bb:bb
server1.external.server.foo 23.45.67.9 cc:cc:cc:cc:cc:cc
So when I add the static ARP entries for each external, should I
use the arp entry for the firewall?
arp -s 23.45.67.9 aa:aa:aa:aa:aa:aa
which is serv1.external's address with the firewall's MAC info
route add 23.45.67.9 23.45.67.1 pub
the external's
Or is this wrong and it should be:
arp -s 23.45.67.9 cc:cc:cc:cc:cc:cc
(machine to its own arp info)
route add 23.45.67.9 23.45.67.1 pub
I'm a bit confused, since I'm thinking about my load balancing
and the way the addressing is set. If server1.internal was to
go down and backup.server1 takes over, or if I have to quickly
fix something, then I would have to statically assign the ARP
and routes again, wouldn't I?