Static NAT does not work on Security Gateway
||SecurePlatform, SecurePlatform 2.6, Gaia
|Platform / Model
- Automatic or Manual Static NAT does not work on Security Gateway (which is not a part of any cluster).
- SmartView Tracker does not show any logs about the traffic.
tcpdump on the external interface shows that ARP Requests for the NATed IP address reaches the Security Gateway, but Security Gateway does not perform Proxy ARP and there are no ARP Replies..
- Kernel debug (
fw ctl debug -m fw + drop) on Security Gateway shows:
fw_log_drop_ex: Packet proto= ... dropped by fwha_process_incoming_arp Reason: The packet is designated to an ip address that is proxied, but is not an active member'
The ClusterXL membership is enabled on a single Security Gateway.
Enabling the ClusterXL membership on a single Security Gateway is not supported. One of the possible consequences of this configuration may be that Automatic or Manual Static NAT will not work.
In order to resolve this issue, run '
cpconfig' command - choose '
Disable cluster membership for this gateway' - exit the menu - reboot the machine.