Check Point VSX manual proxy arp configurationWhen configuring NAT on VSX it is necessary to resolve the MAC address for NATed IPs to allow proper communication on Ethernet networks.
This solution describes how to use a manual proxy ARP configuration with the Check Point VSX application on a Crossbeam Platform.
In the VSX environment and when the Virtual System (VS) is not attached to a Virtual Router, the customer may want to configure a virtual NAT address which is located on the same subnet as the physical interface.
The network configuration would be, for example:
The NAT address would be 192.168.1.10 and would be attached to the same subnet of the physical IP 192.168.1.1
The only way to resolve the MAC address for the NATed address is to use a proxy-arp mechanism.
Due to the nature of VSX and its automatic provisioning method of the Crossbeam components, the easiest solution is to perform a local configuration for the Check Point automatic-arp configuration.
In order to have the proxy ARP functionnality from Check Point activated, you can perform the following actions for a given VS on which you need to activate NAT.
1. Identify the MAC-address you want to reply with for a given IP address