Check Point AIR55 contains a feature called auto-ARP creation. This feature automatically adds an ARP entry for a secondary external IP address (the public IP address of the SMA appliance). If running Check Point on a Nokia security platform, Nokia recommends that users disable this feature. As a result, the ARP entry for the external IP address must be added manually within the Nokia Voyager interface.
Finally, a traffic or policy rule is required for all traffic to flow from the Internet to the SMA appliance.
Check Point Policy Rule Window
Again, should the SMA appliance be located on a secure segment of the Check Point firewall, a second rule allowing the relevant traffic to flow from the SMA appliance to the internal network is necessary.
Was This Article Helpful?
Help us to improve our support portal