
[FW1] My reason to turn off IP Spoofing



 
 
   Ok, Right on, here is my reason:
 
 
   My Firewall: 4.1, SP3
   Platform:     NT 4.0 SP6a, PIII 650 MHz, 1 GB RAM, SCSI hard drive, mirrored boot disks, RAID 5 data disks.
   My Internal Network:  DMZ, LocalNet, Real Time Data LAN.
   IP Scheme: DMZ:      192.168.10.x 255.255.255.0
              Localnet: 10.0.0.x     255.255.254.0
              Data LAN: 172.32.0.x   255.255.255.0
                        172.33.0.x   255.255.255.0
                        172.34.0.x   255.255.255.0
                        172.35.0.x   255.255.255.0
                        172.36.0.x   255.255.255.0
 
   You would know quite well about the DMZ and Localnet; there is nothing special about them. The special thing is that Real Time Data LAN.

This LAN is dedicated to providing real time stock data. It takes in data through T1 and T3 from the Exchange of the State, and outputs to clients also through other T1 and Frame Relay. So this data LAN is secured, 'cause it inputs and outputs data through dedicated locations where no internet traffic has been involved! I connect this LAN to the Firewall with 172.36.0.x, 'cause we need a clock from the Internet and other limited tasks.

The problem happened when our software developers wanted to connect to this LAN through 172.136.0.x. The pre-condition is that they don't want to access this DATA LAN through the Firewall; they want to have a TCP connection directly to 172.36.0.x from their system (there are some software requirements, e.g. they must keep their source IP in the same segment as the Data LAN, 172.36.0.x). They are behind the firewall now with an IP of 10.0.0.x. In order to let them connect to this data LAN directly, I have to put 172.36.0.x on the same NIC as the 10.0.0.x IP in their system. So when they want to get to the internet they plug in the internet cable, and when they want to connect to the Data LAN they plug in the data LAN cable.

If I do this, the Firewall will keep sending me alarms that other invalid IPs have been detected through Localnet, because the same host has been bound with two different IPs. You may ask me, hey! are you stupid, why don't you add another NIC card?! Believe me, they already have 5 NIC cards installed on their system; I don't want to add one more, they may not have any more IRQs available! So that's why I ask you guys if it is possible to turn off IP spoofing, so the Firewall will not send me the alarms for detecting invalid IPs.
 
It sounds crazy, I'm sorry for taking your guys' time, but this is my real situation.
Please advise me!!!
 
Thanks!
 
Felix
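A small model of what the anti-spoofing alarm in Felix's post is actually checking, added here as an illustration (it is not part of his message and not FireWall-1 code): each interface is tied to the networks expected behind it, and a source address that does not match the arrival interface raises an alarm. The interface names, the `extra_valid` override and the sample events are constructed from the IP scheme above.

```python
import ipaddress

# Interface topology constructed from the IP scheme in the post.
# Anti-spoofing compares a packet's source address with the networks
# expected behind the interface the packet arrived on.
TOPOLOGY = {
    "DMZ": ["192.168.10.0/24"],
    "LocalNet": ["10.0.0.0/23"],
    "DataLAN": ["172.32.0.0/24", "172.33.0.0/24", "172.34.0.0/24",
                "172.35.0.0/24", "172.36.0.0/24"],
}
VALID = {iface: [ipaddress.ip_network(n) for n in nets]
         for iface, nets in TOPOLOGY.items()}


def spoof_check(interface, src_ip, antispoof_enabled=True, extra_valid=None):
    """Return 'accept' or 'alarm' for a packet from src_ip seen on interface.

    antispoof_enabled=False models switching the feature off: every source
    is then accepted, on every interface, which is what is given up.
    extra_valid (hypothetical) adds networks to one interface's valid list,
    the narrower alternative to disabling the check globally.
    """
    if not antispoof_enabled:
        return "accept"
    nets = list(VALID[interface])
    if extra_valid:
        nets += [ipaddress.ip_network(n) for n in extra_valid.get(interface, [])]
    addr = ipaddress.ip_address(src_ip)
    return "accept" if any(addr in net for net in nets) else "alarm"


# Constructed sample events: (arrival interface, source IP)
SAMPLE_EVENTS = [
    ("LocalNet", "10.0.0.25"),    # developer host on its 10.0.0.x address
    ("LocalNet", "172.36.0.25"),  # same host, Data LAN address, LocalNet cable
    ("DataLAN", "172.36.0.25"),   # Data LAN address arriving from the Data LAN
    ("DMZ", "10.0.0.7"),          # internal address arriving from the DMZ side
]


def audit(events, antispoof_enabled=True, extra_valid=None):
    """Return the events that would raise an anti-spoofing alarm."""
    return [(i, s) for i, s in events
            if spoof_check(i, s, antispoof_enabled, extra_valid) == "alarm"]


if __name__ == "__main__":
    for iface, src in SAMPLE_EVENTS:
        print(f"{iface:9} {src:14} -> {spoof_check(iface, src)}")
    print("anti-spoofing off:", audit(SAMPLE_EVENTS, antispoof_enabled=False))
```

Run as a script it lists the two sample events that trip the alarm, and shows that with the check disabled the DMZ event with an internal source address is silently accepted as well.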
 
 


 
   All contents © 2004 Network Presence, LLC. All rights reserved.