Check Point Certified Security Administrator (CCSA) Practice Exam

The situation where an administrator needs to manually define Proxy ARP is when configuring a "Manual Static NAT." In this scenario, Proxy ARP is utilized to enable the security gateway to respond to ARP requests on behalf of a host that is utilizing a static NAT configuration.

With Manual Static NAT, the mappings between the internal and external IP addresses are explicitly defined by the administrator. When an external device tries to reach this internal host, the security gateway must accurately represent the internal address to the external world. Since this static mapping is not dynamically learned by the gateway, Proxy ARP allows the gateway to respond to ARP requests for the internal IP addresses, effectively bridging the gap and ensuring connectivity.

In contrast, Automatic Static NAT and Automatic Hide NAT typically do not require manual ARP adjustments as they handle address translations internally or dynamically without the need for manual definitions. Similarly, Manual Hide NAT focuses on addressing translation for multiple internal hosts to share a single external IP and usually does not invoke Proxy ARP as it modifies source addresses for outbound traffic without a one-to-one mapping that would require ARP responses.