Configuring manual NAT on a Crossbeam chassis in a single box configuration requires proxy-ARP to be manually configured. When using Manual NAT in Checkpoint FW, the proxy-ARP table will not be populated automatically. This can be confirmed with the "fw ctl arp" command on the VAP member.
If you use Automatic NAT this table will be automatically populated but that NAT instance will appear across all policies.
proxy-arp on the outside interface. In conjunction with the proxy-arp setting, you will need to place a host route for the NAT destination pointing to the inside translated destination. Below is an example of the Crossbeam configuration and the Checkpoint configured Manual NAT rule.
Please refer to the attached pdf that contains configurations for Checkpoint and Crossbeam as well as a network drawing.
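One way to script the "fw ctl arp" confirmation described above, as an added example that is not from the original article or its attached PDF. It assumes each line of "fw ctl arp" output starts with the proxied address in parentheses; the function name, sample output and documentation-range addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: list manual-NAT addresses that have no proxy-ARP entry.
# Assumption: `fw ctl arp` prints one entry per line with the proxied IP in
# parentheses, e.g. " (203.0.113.10) at 00-11-22-33-44-55 interface 203.0.113.1".

# missing_proxy_arp ARP_OUTPUT NAT_IP...   (hypothetical helper name)
# Prints each NAT_IP that is absent from ARP_OUTPUT, one per line.
# Returns 1 if any address is missing, 0 otherwise.
missing_proxy_arp() {
    arp_output=$1
    shift
    # Keep only the parenthesised addresses so the trailing "interface <ip>"
    # column can never be mistaken for a proxy-ARP entry.
    proxied=$(printf '%s\n' "$arp_output" |
        sed -n 's/^[[:space:]]*(\([0-9.]*\)).*/\1/p')
    rc=0
    for ip in "$@"; do
        # -x (whole line) and -F (fixed string): 203.0.113.1 must not be
        # satisfied by an entry for 203.0.113.10.
        if ! printf '%s\n' "$proxied" | grep -qxF -- "$ip"; then
            printf '%s\n' "$ip"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample output (documentation addresses, not from a real system).
SAMPLE_ARP=' (203.0.113.10) at 00-11-22-33-44-55 interface 203.0.113.1
 (203.0.113.11) at 00-11-22-33-44-55 interface 203.0.113.1'

# On a VAP member, pass live output instead of the sample:
#   missing_proxy_arp "$(fw ctl arp)" 203.0.113.10 203.0.113.12
# Here 203.0.113.12 has no entry, and 203.0.113.1 appears only as the
# interface address, so both are reported as missing.
missing_proxy_arp "$SAMPLE_ARP" 203.0.113.10 203.0.113.12 203.0.113.1 || true
```

Any address the function prints is a manual NAT destination that the gateway will not answer ARP for until proxy-ARP is configured for it.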