----- Original Message -----
Sent: Monday, April 02, 2001 6:11 PM
Subject: RE: [FW1] Turn off ip spoofing on internal LAN
Antispoofing needs to be configured for 1) All interfaces, or 2) No
interfaces. You can't configure antispoofing for only one interface-- it
sort of defeats the whole purpose. With antispoofing, FireWall-1 needs
to know what it should see on every interface.
-Warren.
Hi
For some reason I need to turn off the IP spoofing on my internal NICs in
the firewall box; of course I'll keep IP spoofing on the external NIC on
the firewall box! Meanwhile I will disallow traffic from DMZ to Localnet.
Do you guys think it's OK? By doing this, do I run any potential security
risk or not? The condition is that no internal guy will act as a hacker.
Thanks!
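
Added example (not part of either message and not Check Point code): a simplified Python model of per-interface antispoofing, illustrating the reply's point that the firewall needs to know what to expect on every interface. The addresses and interface names are constructed, and treating the external interface as "any source not claimed by another interface" is an assumption of this model.

```python
from ipaddress import ip_address, ip_network

# Constructed sample topology; these ranges are not from the thread.
INTERNAL = ip_network("10.1.0.0/16")
DMZ = ip_network("192.0.2.0/24")

def build_policy(internal_antispoofing: bool) -> dict:
    """Map each interface to the source networks it may legitimately see.
    None means no antispoofing on that interface (any source is accepted)."""
    return {
        "internal": [INTERNAL] if internal_antispoofing else None,
        "dmz": [DMZ],
        # Assumption of this model: external is valid for every source
        # that no other interface has declared as its own.
        "external": "others",
    }

def claimed_elsewhere(policy: dict, iface: str, src) -> bool:
    """True if another interface declares src as one of its valid sources."""
    return any(
        isinstance(nets, list) and any(src in n for n in nets)
        for name, nets in policy.items() if name != iface
    )

def antispoof_check(policy: dict, iface: str, src_ip: str) -> str:
    """Return 'accept' or 'drop' for a packet with src_ip arriving on iface."""
    src = ip_address(src_ip)
    valid = policy[iface]
    if valid is None:                      # antispoofing disabled here
        return "accept"
    if valid == "others":                  # derived from the other interfaces
        return "drop" if claimed_elsewhere(policy, iface, src) else "accept"
    return "accept" if any(src in n for n in valid) else "drop"

def compare(iface: str, src_ip: str) -> tuple:
    """(verdict with every interface defined, verdict with internal undefined)."""
    return (antispoof_check(build_policy(True), iface, src_ip),
            antispoof_check(build_policy(False), iface, src_ip))

if __name__ == "__main__":
    cases = [("external", "10.1.5.9"), ("internal", "192.0.2.10"),
             ("internal", "10.1.5.9"), ("external", "198.51.100.7")]
    for iface, src in cases:
        print(f"{iface:9} src={src:13} all-defined/internal-off = {compare(iface, src)}")
```

In this model, leaving the internal interface undefined changes the verdict on the external interface as well, because the external check no longer knows which sources belong inside.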