RE: [FW1] Antispoofing and bootp
Thanks for the help. The creation of a Workstation object:

IP Address: 0.0.0.0

and placing it in my Antispoof group did work. CPMAD does not get activated anymore.

Thanks everyone for the help

AC

----------------------------------------------------------------

I just created the Network object

IP Address: 0.0.0.0
Mask: 255.255.255.255

Placed it in my Antispoof group and when I pushed the policy it failed. I received this:

"Security Policy Verify Warnings: Error: Network 'LAN-Antispoof-Firewall' does not contain any IP address
Failed to generate Security Policy Script for rulebase 'D:\FW1\4.1\conf\Test_Policy.W'"

I then changed the Network object to

IP Address: 0.0.0.0
Mask: 0.0.0.0

I pushed the policy and a couple of seconds later CPMAD started sending spoofalerts on my El90x4 interface (internal network card), which are caused by bootp:

Service: bootp
Source: (blank)
Destination: 255.255.255.255
Proto: udp
Rule: 0
S_Port: 68

Any ideas? Thank you very much for your help.

----------------------------------------------------------------

>Erik,
>
> Thanks for the info.
>If I do place a network object of 0.0.0.0 in the antispoof group for my internal interface,
>would I have any security ramifications in doing that?
>
>Thanks
>
>AC
>
>My question is do I have to create a Network object of 255.255.255.255 and place
> it in the AntiSpoof group?
>Will this stop the CPMAD from activating?
>

If you want the DHCP requests to pass through the Anti-spoofing settings, you will have to add the 0.0.0.0 in the AntiSpoof group, since the bootp/dhcp-client does not have any IP address when it boots up. The 255.255.255.255 is the destination address and will not help the situation...

/erik

----------------------------------------------------------------

I am having some antispoofing configuration problems.
CPMAD keeps on getting activated by bootp requests. When I look in the Check Point Logviewer I see this:

Service: bootp
Source: (blank)
Destination: 255.255.255.255
Proto: udp
Rule: 0
S_Port: 68

I am running Check Point v4.1 sp3. I have configured and enabled CPMAD. I have 4 network cards installed and have configured this under Interface properties->Security under Valid Address:

Internet adapter El90x1 - Others
DMZ01 El90x2 - Others
DMZ02 El90x3 - Others
Internal LAN El90x4 - Specific->AntiSpoof-Group

The Antispoof group consists of my two internal networks. I'm also running DHCP in my internal network.

My question is do I have to create a Network object of 255.255.255.255 and place it in the AntiSpoof group? Will this stop the CPMAD from activating?

Thanks

AC
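
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not FireWall-1 code: a simplified model of a per-interface valid-address check, showing why the bootp broadcast is flagged, why adding 255.255.255.255 changes nothing, and why a 0.0.0.0 host entry clears the alert. The networks, packets and the `strict_zero` option are constructed assumptions; the option sketches one answer to the "security ramifications" question by accepting 0.0.0.0 only for DHCP-shaped packets.

```python
import ipaddress

# Simplified model of a per-interface "valid addresses" anti-spoofing check.
# Not FireWall-1 code; networks and packets below are constructed samples.
INTERNAL_NETS = ["10.1.0.0/16", "10.2.0.0/16"]  # hypothetical AntiSpoof group

PACKETS = [  # constructed traffic arriving on the internal interface
    {"name": "bootp", "src": "", "dst": "255.255.255.255",
     "proto": "udp", "sport": 68, "dport": 67},
    {"name": "lan-web", "src": "10.1.5.20", "dst": "192.0.2.10",
     "proto": "tcp", "sport": 40000, "dport": 80},
    {"name": "foreign-src", "src": "192.0.2.99", "dst": "10.2.0.7",
     "proto": "tcp", "sport": 40001, "dport": 22},
    {"name": "zero-src-tcp", "src": "0.0.0.0", "dst": "10.2.0.7",
     "proto": "tcp", "sport": 40002, "dport": 22},
]
ZERO = ipaddress.ip_address("0.0.0.0")

def source_addr(pkt):
    # Assumption: a blank source in the log is the unconfigured address 0.0.0.0.
    return ipaddress.ip_address(pkt["src"] or "0.0.0.0")

def looks_like_dhcp_request(pkt):
    # Client port 68 to server port 67, sent to the limited broadcast address.
    return (pkt["proto"] == "udp" and pkt["sport"] == 68
            and pkt["dport"] == 67 and pkt["dst"] == "255.255.255.255")

def spoof_alerts(packets, group, strict_zero=False):
    """Return names of packets whose SOURCE is not valid for the interface."""
    nets = [ipaddress.ip_network(n) for n in group]
    flagged = []
    for pkt in packets:
        src = source_addr(pkt)
        valid = any(src in net for net in nets)  # destination is never consulted
        # Hypothetical narrower rule: 0.0.0.0 is valid only on DHCP-shaped packets.
        if valid and strict_zero and src == ZERO:
            valid = looks_like_dhcp_request(pkt)
        if not valid:
            flagged.append(pkt["name"])
    return flagged

if __name__ == "__main__":
    print(spoof_alerts(PACKETS, INTERNAL_NETS))
    print(spoof_alerts(PACKETS, INTERNAL_NETS + ["255.255.255.255/32"]))
    print(spoof_alerts(PACKETS, INTERNAL_NETS + ["0.0.0.0/32"]))
    print(spoof_alerts(PACKETS, INTERNAL_NETS + ["0.0.0.0/32"], strict_zero=True))
```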