Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] spoof alert

To: "Firewall-1 Mailing List (E-mail)" <[email protected]>
Subject: Re: [FW1] spoof alert
From: [email protected]
Date: Mon, 2 Oct 2000 15:30:05 +0200
Sender: [email protected]

Hi Richard,

this is mostly a problem of defining the anti-spoofing groups in the firewall
object.

See the FW Administration Guide page 473 (and around) about NAT and
anti-spoofing:
this described very well the way FW checks anti-spoofing before or after the
translation have been done...
In your case, I suppose you just forget to add the translated (external)
addresses to the anti-spoofing group on the internal FW interface (in case of
Static Destination Mode).

Just RTFM  ;-)

Best regards,
Olivier Merlin

>hi group

>i have recently installed a firewall and am receiving alerts from my
>firewall interfaces as follows:

>spoofalert    nbdatagram     rule 0
>         nbname
>         sunrpc

>there are linux and win2000 machines on both sides of the firewall and if i
>disable spoof tracking in the interface properties the alerts stop but i
>imagine this is not the ideal thing to do, what is the recommended way to
>stop the alerts while keeping correct spoof tracking operation?

>many thanks

>richard thornton
>edinburgh, scotland




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] RE:
Next by Date: Re: [FW1] routing and nt
Previous by thread: [FW1] spoof alert
Next by thread: [no subject]
Index(es):
- Date
- Thread