O'Reilly logo

Essential Check Point™ FireWall-1® NG: An Installation, Configuration, and Troubleshooting Guide by Dameon D. Welch-Abernathy

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Troubleshooting NAT with a Packet Sniffer

To troubleshoot NAT, you should first verify that each necessary step has been performed.

  • Validate that an ARP entry exists for the translated IP (or that the translated IP is somehow being routed to the firewall).
  • Validate that a static host route exists on the firewall to route the translated IP address to either the untranslated address or the next hop address if the real system is more than one hop away from the firewall.
  • Validate that the rules are set up correctly. Set any security policy rule that applies to a NATted host to track long, and ensure that address translation is happening as you expect.

Wherever a verification of the configuration fails, a packet sniffer can be your friend. The remainder ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required