Hello,
I am currently running OpenLDAP behind a Check Point firewall.
Some hosts are reaching the LDAP server, but the source IP is NAT Hide (original IP is 192.168.0.1 - translated 192.168.1.2).
I can see on my firewall many drops coming from the LDAP server to the translated IP.
This kind of packet shouldn't exist, as I am using corosync for HA => no packets are coming from the VIP.
This may be a problem on the Check Point firewall (which is not handling the NAT correctly), but I would like to know if someone has already had this behaviour with any firewall?
Maybe I am missing something about the OpenLDAP network flow.
Best regards,
Hugo