[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] NBT logging
Hi, if you have a rule in your rulebase to drop these packets without logging - and they are dropped and logged, then you should have a close look at the log (e.g. field Info). Mostly AntiSpoofing is configured and CP does not only check the source, but also the destination address (outbound AntiSpoofing). So the packets are beeing dropped by rule 0 with logging caused by AntiSpoofing. To let the packets reach your "NBT-DROP-Rule" you should accept the Broadcast addresses where the NBT packets are directed to. If you have selected "specific" in the AS-rule of the NIC's, you should include the Broadcast-addresses to the networks (4.1: allow, NG: include). The other way is to create a Workstation object for each Broadcast address, create a group with the accepted network(s) + Broadcast address(es). Then, go to the configuration of AntiSpoofing, select "specific" and accept this group. Then the packets pass the AntiSpoofing check and your explicite rule will "throw them out". Hope it helps, best regards, Matthias http://www.fw-1.de Devon Harding - GTHLA writes: > All NBT stuff still seems to be logging and not relating to any rules. > > My rule (second to last) is as follows: > > Source Dest. Service Action Track > Any Any NBT Drop None > > The NBT packets are dropped but are still logged. > > -Devon > --- AERAsec Network Services and Security GmbH Wagenberger Strasse 1 D-85662 Hohenbrunn, Germany http://www.aerasec.de ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|