Re: Routing for a Virtual Server in Checkpoint



Will <westes-usc@xxxxxxxxxxxxxx> wrote:
: With at least older versions of Checkpoint, you have to establish manual
: routes in the OS to move packets that require NAT to the correct interface.
: For a simple mapping of one external IP to one internal IP, this is trivial
: and works fine. But how are you supposed to do the routing for the case of
: a virtual server, where one external IP may map each of three ports to three
: separate destination IPs on three separate DMZ networks? It's not clear
: for such a case how static routing rules would apply.

Will,
I don't know what version you're using, but newer versions (NG and up)
understand and do this automatically. It's called automatic ARP.

In older versions (->4.1) you had to define this arping manually. On
Windows you could specify this in a local.arp file, while on other
systems you had to use the OS-specific arp commands and put them in a
startup script, possibly in the same script that starts the firewall
daemon.

With newer versions of Checkpoint you can also use "client side
natting" to avoid the need for such manual routing.

Lars


