RE: [FW1] Antispoofing and bootp
Only ONE interface should have "others". What this means is "I will accept anything that is not defined as valid on the OTHER interfaces". Typically, you configure your external interface for "others". Create a valid group for DMZ01 and DMZ02 and use the "specific" setting in the same fashion as you did for your internal interface.

As for the bootp traffic, it is a common practice to create a rule right before the cleanup rule that blocks this type of traffic with NO tracking. That way, they're still dropped but don't clutter the log. Since CPMAD pulls its information from the log, this will also stop this traffic from triggering your CPMAD alerts.

Michael J Lawrence
CISSP CCSI

-----Original Message-----
From: [email protected] [SMTP:[email protected]]
Sent: Tuesday, May 15, 2001 5:10 PM
To: [email protected]
Subject: [FW1] Antispoofing and bootp

I am having some antispoofing configuration problems. CPMAD keeps on getting activated by bootp requests. When I look in the Check Point Logviewer I see this:

Service: bootp
Source: (blank)
Destination: 255.255.255.255
Proto: udp
Rule: 0
S_Port: 68

I am running Check Point v4.1 sp3. I have configured and enabled CPMAD. I have 4 network cards installed and have configured this under the Interface properties->Security under Valid Address:

Internet adapter El90x1 - Others
DMZ01 El90x2 - Others
DMZ02 El90x3 - Others
Internal LAN El90x4 - Specific->AntiSpoof-Group

The Antispoof group consists of my two internal networks. I'm also running DHCP in my internal network. My question is: do I have to create a Network object of 255.255.255.255 and place it in the AntiSpoof group? Will this stop the CPMAD from activating?
Thanks
AC

================================================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
================================================================================
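The following sketch is an added illustration, not part of the thread and not Check Point code. It models the valid-address rule as the reply words it ("Others" accepts anything not defined as valid on the other interfaces, "Specific" accepts only the interface's own group) and compares the posted configuration with the advised one. The network ranges, the test packets and all function names are constructed assumptions.

```python
import ipaddress

# Constructed sample networks; the post does not give its addressing.
INTERNAL = [ipaddress.ip_network(n) for n in ("10.1.0.0/16", "10.2.0.0/16")]
DMZ01 = [ipaddress.ip_network("192.0.2.0/25")]
DMZ02 = [ipaddress.ip_network("192.0.2.128/25")]

OTHERS = "others"
# Interface -> valid-address setting: OTHERS, or a list of networks ("Specific").
AS_POSTED = {"El90x1": OTHERS, "El90x2": OTHERS, "El90x3": OTHERS, "El90x4": INTERNAL}
AS_ADVISED = {"El90x1": OTHERS, "El90x2": DMZ01, "El90x3": DMZ02, "El90x4": INTERNAL}


def others_interfaces(config):
    """Interfaces set to Others; the reply says there should be only one."""
    return sorted(i for i, v in config.items() if v == OTHERS)


def source_valid(config, iface, src):
    """Model: is src an acceptable source for a packet arriving on iface?"""
    addr = ipaddress.ip_address(src)
    setting = config[iface]
    if setting != OTHERS:
        # Specific: the source must fall inside the interface's own group.
        return any(addr in net for net in setting)
    # Others: anything not defined as valid on the other interfaces.
    claimed = [net for name, s in config.items()
               if name != iface and s != OTHERS for net in s]
    return not any(addr in net for net in claimed)


def report(config):
    """Evaluate constructed test packets (arrival interface, source address)."""
    cases = [
        ("El90x1", "10.1.5.9"),     # internal source arriving from the Internet
        ("El90x1", "192.0.2.10"),   # DMZ01 source arriving from the Internet
        ("El90x2", "192.0.2.200"),  # DMZ02 source arriving on the DMZ01 card
        ("El90x4", "10.2.0.7"),     # genuine internal host
        ("El90x4", "0.0.0.0"),      # DHCP client that has no lease yet
    ]
    return [source_valid(config, i, s) for i, s in cases]


if __name__ == "__main__":
    for name, cfg in (("as posted", AS_POSTED), ("as advised", AS_ADVISED)):
        print(name, others_interfaces(cfg), report(cfg))
```

In this model the posted configuration accepts DMZ source addresses on the wrong interfaces because no interface defines them as valid; the advised configuration rejects them.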