Checkpoint Ignoring New DMZ Nodes

I am managing a Checkpoint (on Nokia box) install which I did not initially configure.

It has 2 web servers in a DMZ (using 3 IP addresses). These are private addresses, translated by the CP box from/to public addresses.

I need to add another web server, but even though I add the rule and translation entries correctly, it fails to work. It's like it's been pre-programmed to ignore any other IPs in the DMZ.

Is this possible? Where would I find out what's going on?

Thanks

Reply to
K

So what have you checked? Is there anything in the logs? Is there a spoof group configured on the interface? Have you configured the object, NAT and rule correctly? Is it a routing problem on the web server (incorrect IP, no default gw, etc.)?

Reply to
chris

Did you configure NAT on the web server node object or did you create the NAT rules manually? If you created them manually, you'll need to go into Voyager and create a proxy ARP entry for the new IP external address.

If you're on a reasonably current version of IPSO and Check Point (last two years or so), then configuring NAT on the web server node object will automatically create a proxy ARP entry if the OS is IPSO.

Ray

Reply to
R
