Checkpoint Gaia: Manual proxy arp

Gaia is an overlay of Linux, the file structure is Linux. To enter Linux environment you need to enter the expert mode.

From the documentation you must create manual proxy arp if you are doing manual static NAT.

You can add proxy arp in the following methods:

1. Use the Gaia portal.


2. Use the command line (in Gaia):
add arp proxy ipv4-address interface eth0 real-ipv4-address
The ipv4-address is the address after your internal server is translated, and this is the address that is known to the external users. You can either put in the mac address of the Checkpoint physical interface or just specify which interface will the DNAT be published. The real-ipv4-address is the address of the Checkpoint interface. If an external user attempts to use the server, the Checkpoint interface will answer the arp on behalf of its DNAT server.

3. Use the command line (in expert mode):
Login to expert mode –

Enter expert password:

Warning! All configuration should be done through clish
You are in expert mode now.

Then insert the information directly to /opt/CPsuite-R76/fw1/conf/local.arp

echo " 00:0c:29:f1:b7:74" >> $FWDIR/conf/local.arp

4. Save the config. By typing save config.
5. Use Smartdashboard to install policy to take the configuration into effect.

Save config in the command line only save the configuration but does not apply.
If you are using automatic NAT for some objects, you will have to merge the manual proxy arp with the automatic proxy arp. The file local.arp is for manual proxy arp, if you do not merge Checkpoint will ignore the local.arp file.

To merge the manual proxy arp with the automatic use Smartdashboard.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s