Dear all,
I have been banging my head trying to find a valid configuration for Microsoft's DirectAccess using our firewalls (HA cluster, both running 9.003-16).
As already stated in the few threads here, packets cannot be altered, so NAT is not an option. One of my colleagues configured their Checkpoint to respond to the client's ARP request with the DA machine's address rather than the firewall's, and once the packet hits the Checkpoint firewall it gets automatically routed (static route) to the DA machine in the DMZ. Both the external firewall interface for DA and the DA machine internally have the same (additional) public IP addresses.
On our firewalls I tried static and policy routes but without success. Does anyone have this configuration up and running?
Cheers,
Bembel