Firewall-1 Version 4 problem
Posted on 2002-05-15
My company is using a Checkpoint Firewall with VPN v.4 on NT4.
For some reason, I am unable to set up static NAT mappings for hosts behind the trusted interface.
I need to flatten our setup (remove the DMZ) prior to us setting up a proper mechanism for updating our website securely, but I am unable to do so as I am unable to talk to any machines behind the trusted interface if I assign them a static NAT entry. If I move a machine to the DMZ and perform the same steps, the NATting works.
I have carried out some testing from a machine outside the network, and if a machine is on the DMZ the firewall performs ARP Proxy functionality (i.e. if I set up a rule to allow ICMP requests, the MAC address of the responding client is the firewall's). However, if a machine is on the trusted network, the static mapping will not work.