NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] How to prevent IP address spoofing?




I am trying to prevent address spoofing and have reviewed the manuals about Workstation security properties on each workstation/firewall interface but can't figure out exactly how to implement what I want. Perhaps workstation properties isn't even the correct place.


Basically this is my network (addresses changed a bit):

Internet
\
\
66.1.1.1 s1
Rtr
10.0.0.1 e1
\
\
\
10.0.0.2 e1 |
FW1 10.1.1.1 e2 - - - - |- - DMZ Machines on 10.1.1.0 network
10.2.1.1 e3 |
\
\
|--------------|
Internal networks on 10.2.0.0 thru 10.254.0.0


Basically I only want specific 10.x.x.x IP's to be let in via a GRE tunnel from the internet on the S1 interface of the router. Think I need to specify a rule for the 10.x.x.x IP on the e1 interface of the FW1.

I also only want certain 10.x.x.x networks to come into the e2 interface.

I don't want to specify every valid/invalid 10.x.x.x network. I would like to apply the firewall rules to a specific interface of the FW1 firewall as in:

Let 10.100.x.x in thru FW1 e1 but stop everything else.
Let 10.1.1..x into e2 but stop everything else. It is also possible that e2 may have other networks cascaded off it and they need to be allowed into e2 as well.


Right now I am unable to specify an 'inside' or 'outside' so I either permit all 10's anywhere or deny them everywhere.

Would appreciate any assistance on this.

Thx,
Dean

Dean Landis II
Landis.net



================================================================================
    To unsubscribe from this mailing list, please see the instructions at
              http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.