3.19 Ensure Automatic ARP Configuration NAT is enabled


Proxy ARP is a mechanism that allows the configuration of a Gateway to respond to ARP requests on behalf of other hosts.


Automatic ARP configuration ensures that ARP requests for a translated (NATed) machine, network or address range are answered by the Check Point Security Gateway. This option removes the requirement for manual ARP configuration for automatic NAT rules (using the arp command in Unix or the local.arp file in Windows).

The command fw ctl arp displays the ARP proxy table on Check Point Security Gateways that run on Windows. On Unix, use the arp -a command.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.


Go to the following path and Configured the Automatic ARP Configuration NAT.

SmartConsole > Gateways & Servers > select each Gateway > NAT - Network Address Translation
Unchecked the Automatic ARP Configuration NAT

See Also


Item Details


References: 800-53|CM-3, CSCv7|11.3

Plugin: CheckPoint

Control ID: 4dc7e37af0f86852cc34b0465f88a8242238d07f928fdd4a5d5adc1cc8ddd232