Routing Issues

With Firewall-1 there are two routing issues:

  1. Ensuring packets reach the gateway
  2. Ensuring the gateway forwards packets to the correct interface and host

Static Source or Hide modes

When using Static Source or Hide modes, you must ensure the translated (legal) addresses are published so that replies will be routed back to the firewall.

On NT systems the ARP command does not allow permanent entries. Check Point created the following file to hold them:

\Winnt\fw\state\local.arp

Format of local.arp is:

IP Address <TAB> External MAC Address

Stop and start the Firewall-1 service after creating this file.
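A pre-restart check for the file described above, as an added example that is not part of the original page or of Check Point's tooling. It assumes the MAC address is written as six hex octets separated by "-" or ":" (the page does not state the notation); the function name and the sample addresses are constructed for illustration.

```python
import ipaddress
import re

# Assumption: six hex octets joined by one consistent separator, '-' or ':'.
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([-:])[0-9A-Fa-f]{2}(\1[0-9A-Fa-f]{2}){4}$")

def check_local_arp(text):
    """Validate local.arp contents; return (entries, errors).

    entries: list of (ip, mac) pairs that are well formed.
    errors:  list of (line_number, reason) for lines that would not publish.
    """
    entries, errors, seen = [], [], {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue  # blank lines are ignored by this check
        fields = line.split("\t")
        if len(fields) != 2:
            errors.append((n, "expected IP <TAB> MAC with exactly one TAB"))
            continue
        ip_s, mac = fields[0].strip(), fields[1].strip()
        try:
            ip = ipaddress.IPv4Address(ip_s)
        except ValueError:
            errors.append((n, "invalid IPv4 address: %r" % ip_s))
            continue
        if not MAC_RE.match(mac):
            errors.append((n, "invalid MAC address: %r" % mac))
            continue
        if ip in seen:
            errors.append((n, "duplicate of line %d for %s" % (seen[ip], ip)))
            continue
        seen[ip] = n
        entries.append((str(ip), mac.lower()))
    return entries, errors

# Constructed sample: one good entry followed by four common mistakes.
SAMPLE = (
    "192.0.2.10\t00-a0-c9-11-22-33\n"   # valid
    "192.0.2.11 00-a0-c9-11-22-33\n"    # space used instead of TAB
    "192.0.2.300\t00-a0-c9-11-22-33\n"  # octet out of range
    "192.0.2.12\t00-a0-c9-11-22\n"      # MAC has only five octets
    "192.0.2.10\t00-a0-c9-11-22-33\n"   # same translated address twice
)

if __name__ == "__main__":
    ok, bad = check_local_arp(SAMPLE)
    for ip, mac in ok:
        print("OK   %s -> %s" % (ip, mac))
    for n, reason in bad:
        print("BAD  line %d: %s" % (n, reason))
```

A translated address whose line fails this check is not published, so replies to it will not be routed back to the firewall.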

Static Destination

When using Static Destination mode, translation takes place in the firewall AFTER internal routing, but BEFORE transmission. To ensure the packet is correctly routed, use static routing.


Defining NAT


NAT in the Rule Base

 
