General discussion

Locked

Can't ping real IP in LAN w/ CheckPoint

By wai_pui_law ·
Dear all,

I have set up CheckPoint 4.1 on NT platform with the LAN and DMZ segments. All the servers in the LAN zone and the DMZ zones have been assigned real IP addresses.

The problem is that the users in the LAN cannot ping the real IP of "some" servers in the LAN zone, but they can ping the real IP of "all" servers in the DMZ zone. What is the cause for that only "some" real IP of servers in the LAN can be ping?

I want the users in the LAN can ping "all" servers' real IP addresses, is there any solution for that?

Best Regards,

WP

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

Can't ping real IP in LAN w/ CheckPoint

by wai_pui_law In reply to Can't ping real IP in LAN ...

This doesn't address my original question!

Collapse -

Can't ping real IP in LAN w/ CheckPoint

by tslighter In reply to Can't ping real IP in LAN ...

One piece of information that will also help out is if you are using NAT. Are the "real" IP's for the LAN zone NAT IP's or are they true valid internet IP's ? Assuming that you are using NAT then your issue is with static ARP entries on the firewall. The standard rule for the firewall is that is must advertise all of its translated IP's as its own address. To accomplish this you must use "proxy arp" whereby you use the "arp -s" command to associate the translated IP address with the MAC of the external interface of the firewall. Think of it in terms of any complete connection requires that traffic can travel from Client 1 to Server 1 as well as that traffic can ALSO travel from Server 1 to Client 1

Collapse -

Can't ping real IP in LAN w/ CheckPoint

by wai_pui_law In reply to Can't ping real IP in LAN ...

The question was auto-closed by TechRepublic

Collapse -

Can't ping real IP in LAN w/ CheckPoint

by jereg In reply to Can't ping real IP in LAN ...
Collapse -

Can't ping real IP in LAN w/ CheckPoint

by wai_pui_law In reply to Can't ping real IP in LAN ...

The question was auto-closed by TechRepublic

Collapse -

Can't ping real IP in LAN w/ CheckPoint

by wai_pui_law In reply to Can't ping real IP in LAN ...

This question was auto closed due to inactivity

Related Discussions

Related Forums