Support Center > Search Results > SecureKnowledge Details
Static NAT does not work on Security Gateway
Symptoms
  • Automatic or Manual Static NAT does not work on Security Gateway (which is not a part of any cluster).

  • SmartView Tracker does not show any logs about the traffic.

  • Running tcpdump on the external interface shows that ARP Requests for the NATed IP address reaches the Security Gateway, but Security Gateway does not perform Proxy ARP and there are no ARP Replies..

  • Kernel debug (fw ctl debug -m fw + drop) on Security Gateway shows:

    'fw_log_drop_ex: Packet proto= ... dropped by fwha_process_incoming_arp Reason: The packet is designated to an ip address that is proxied, but is not an active member'
Cause

The ClusterXL membership is enabled on a single Security Gateway.


Solution

Enabling the ClusterXL membership on a single Security Gateway is not supported. One of the possible consequences of this configuration may be that Automatic or Manual Static NAT will not work.

In order to resolve this issue, run 'cpconfig' command - choose 'Disable cluster membership for this gateway' - exit the menu - reboot the machine.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment