Check Point traps me all the time because of Proxy ARP: for some reason, after installing a policy on a gateway, the NAT didn't come up AGAIN!
After doing a capture I realized what the problem could be (too many ARP requests).
Capturing traffic
[Expert@FW-GAIA:0]# tcpdump -i eth0 host 200.0.0.102
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
15:49:57.381730 arp who-has 200.0.0.102 tell 200.0.0.97
(omitted)
These are the default ARP values in GAIA OS:
set arp table cache-size 4096
set arp table validity-timeout 60
set arp announce 2
Adding a static proxy ARP entry in clish mode
Setup Proxy ARP
FW-GAIA> add arp proxy ipv4-address 200.0.0.102 interface eth0
The GAIA command above is automatically converted into an entry in a file called local.arp:
[Expert@FW-GAIA:0]# cat $FWDIR/conf/local.arp
# This file was AUTOMATICALLY GENERATED
# DO NOT EDIT
# Please use Gaia Portal or clish command to configure ARP proxy
200.0.0.102 00:50:56:01:00:a1
Checking Proxy ARP
Using clish
FW-GAIA> show arp proxy all
IP Address MAC Address / Interface Real IP Address
200.0.0.102 eth0
Using Expert Mode
[Expert@FW-Claranet:0]# fw ctl arp
(200.0.0.102) at 00-50-56-01-00-a1
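The check I now run before blaming the policy, as an added example (not a Check Point tool): parse tcpdump ARP lines to find addresses that are asked for but never answered, then compare them with the entries in $FWDIR/conf/local.arp. The capture and local.arp contents below are constructed samples, and the MAC address is hypothetical.

```python
import re
from collections import Counter

# Constructed sample of tcpdump ARP output (not a real capture): hosts keep
# asking for the NAT address 200.0.0.102 and nobody answers, while
# 200.0.0.100 gets a normal reply.
SAMPLE_CAPTURE = """\
15:49:57.381730 arp who-has 200.0.0.102 tell 200.0.0.97
15:49:58.381802 arp who-has 200.0.0.102 tell 200.0.0.97
15:49:59.382011 arp who-has 200.0.0.100 tell 200.0.0.97
15:49:59.382150 arp reply 200.0.0.100 is-at 00:50:56:01:00:a1
15:50:00.381911 arp who-has 200.0.0.102 tell 200.0.0.97
"""
# Constructed local.arp content in the layout GAIA writes (hypothetical MAC).
SAMPLE_LOCAL_ARP = """\
# This file was AUTOMATICALLY GENERATED
# DO NOT EDIT
200.0.0.100 00:50:56:01:00:a1
"""
WHO_HAS = re.compile(r"\barp who-has (\S+) tell (\S+)")
IS_AT = re.compile(r"\barp reply (\S+) is-at (\S+)")

def unanswered_arp(capture: str) -> dict:
    """Return {ip: request_count} for IPs asked for but never answered."""
    asked, answered = Counter(), set()
    for line in capture.splitlines():
        m = WHO_HAS.search(line)
        if m:
            asked[m.group(1)] += 1
            continue
        m = IS_AT.search(line)
        if m:
            answered.add(m.group(1))
    return {ip: n for ip, n in asked.items() if ip not in answered}

def proxy_arp_entries(local_arp: str) -> dict:
    """Parse $FWDIR/conf/local.arp into {ip: mac}, skipping comment lines."""
    entries = {}
    for line in local_arp.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            ip, mac = line.split()[:2]
            entries[ip] = mac
    return entries

def missing_proxy_arp(capture: str, local_arp: str) -> list:
    """IPs with unanswered ARP requests and no static proxy ARP entry."""
    entries = proxy_arp_entries(local_arp)
    return sorted(ip for ip in unanswered_arp(capture) if ip not in entries)
```

Each IP returned by missing_proxy_arp is a candidate for `add arp proxy ipv4-address <ip> interface eth0` in clish.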
Golden rule: always set up a static proxy ARP entry.