Static NAT Changes from 4.x to NG
The new default Global Properties are configured to perform address translation on the client-side interface of the firewall for automatic NAT rules defined on the object.
When Manual NAT rules are employed, the default setting in FP3 is to perform the translation on the client side of the connection; this can be modified to work like the earlier NG releases, which only changed the address on the server-side interface.
It is possible in NG to have more than one NAT rule apply to a packet.This function is enabled by default and can be toggled off in the Network Address Translation section of the Global Properties.
Automatic ARP
Instead of having to create an ARP entry in the firewall OS when you’re using NAT in NG, the firewall software can do this for you automatically.This is the default setting.
This feature is not supported on the Nokia, Linux, and SecurePlatform installations; on those, you must manually configure ARP settings.
Windows 2000 installations require no interfaces to be active without an IP address in order for Automatic ARP to function properly.
The command fw ctl arp will display the Automatic ARP entries functional on Windows NT and 2000 installations.
Upgrading 4.x to NG
The firewall database can be checked for configuration settings that could interfere with the upgrade process using the Pre-Upgrade Verifier tool available from Check Point.
The Post-Upgrade Verifier tool can be used to fix database conversion errors that occurred during the upgrade process.
The upgrade can be done automatically or manually, at your discretion.
It is recommended that you perform the upgrade on a parallel system rather than on the live management server.
Detailed steps are available with public access from the Check Point SecureKnowledge Web page, Solution ID sk16625.
