NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Antispoofing and bootp





I just created the Network object

IP Address:     0.0.0.0
Mask:           255.255.255.255

Placed it in my Antispoof group and when I pushed the policy it failed.  I
recieved this.

"Security Policy Verify Warnings:
Error: Network 'LAN-Antispoof-Firewall' does not contain any IP address
Failed to generate Security Policy Script for rulebase
'D:\FW1\4.1\conf\Test_Policy.W'

I then created changed the Network object to

IP Address:    0.0.0.0
Mask:          0.0.0.0

I pushed the policy and a couple of secouds CPMAD starting sending spoofalerts
on my
El90x4 interface (Internal Network card) which are caused by bootp

Service:  bootp
Source:        (blank)
Destination:   255.255.255.255
Proto:         udp
Rule:          0
S_Port:        68


Any ideas?

Thank you very much for your help.


----------------------------------------------------------------------------------------------------------------------------------------

>Erik,
>
>    Thanks, for the info.
>If I do place the a network object of  0.0.0.0 in the antispoof group for my
internal interface.
>Would I have any security ramifications in doing that?
>
>Thanks
>
>AC



>
>My question is do I have to create a Network object of 255.255.255.255 and
place
> it in the AntiSpoof group?
>Will this stop the CPMAD from activating?
>

If you want the DHCP requests to pass through the Anti-spoofing settings,
you will have to add the 0.0.0.0 in the AntiSpoof group. Since the
bootp/dhcp-client does not have any ip-address when they boot up.

The 255.255.255.255 is the destination address and will not help the
situation........


/erik



----------------------------------------------------------------

I am having some antispoofing configuration problems.
CPMAD keeps on getting ativated by bootp reguests.
When I look in the Check Point Logviewer I see this:

Service:  bootp
Source:        (blank)
Destination:   255.255.255.255
Proto:         udp
Rule:          0
S_Port:        68

I am running Check Point  v4.1 sp3
I have configured and enable CPMAD.
I have 4 network cards installed and have configured this under the Interface
properties->Security
under Valid Address

Internet adapter         El90x1    - Others
DMZ01                    El90x2    - Others
DMZ02                    El90x3    - Others
Internal LAN        El90x4    - Specific->AntiSpoof-Group


The Antispoof  group consists of my two internal networks.
I'm also running DHCP in my internal network.

My question is do I have to create a Network object of 255.255.255.255 and place
 it in the AntiSpoof group?
Will this stop the CPMAD from activating?


Thanks

AC





================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.