 | ||
 Problem with address spoofing on Nokia cluster!!!! | ||
| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
|
| |||||||
 |
| | LinkBack | Thread Tools | Display Modes |
 2008-04-17 | |||
| |||
 Problem with address spoofing on Nokia cluster!!!! This is my network topology  So I have a problem with adrress spoofing. I used the smartcenter to ping the cluster. Everything is OK except when I ping the outside interface of IP390_2(10.2.0.242), it's said that request time out. And I saw that the checkpoint drop that packet because of address spoofing (I check that in smartview tracker). What can I do? How to fix this problem?  |
| 2008-04-18 | |||
| |||
| Re: Problem with address spoofing on Nokia cluster!!!! First and most obvious to me is where is your Smart Centre's Default Gateway Configured? I suspect it is set to IP390_1 Internal NIC. If that is so, then when you ping the EXT NIC of IP390_2 it will route there via IP390_1, and the traffic from your ManagementServer will appear to be arriving at the External Address - but claiming to be sourced from an Internal Address - a classic AntiSpoof situation. If this IS the case, what you should do is set the SmartCenter's Default Gateway to the Internal Cluster IP, and put 2 routes on your SmartCenter: 1) Traffic to IP390_1 External via IP390_1 Internal <======== Allows Management to communicate direct with IP390_1 2) Traffic to IP390_2 External via IP390_2 Internal <======== Allows Management to communicate direct with IP390_2 IF THE ABOVE IS NOT THE CASE - then... Any chance you could screenshot the Topology Tab of your Cluster Object. In particular, I mean SmartDashboard go to your Cluster Object > Topology > Edit Topology - take screenshot. As an aside, and nothing to do with your original question - the two sync nets you have shouldn't normally be specified as Cluster interfaces - I think it is more normal to specify these only as sync interfaces (1st Sync and 2nd Sync). What type of clustering are you using? VRRP? Last edited by coldark; 2008-04-18 at 04:24. |
| 2008-04-18 | |||
| |||
| Re: Problem with address spoofing on Nokia cluster!!!! default gateway of my smartcenter is the cluster ip : 192.168.2.254. My cluster is running in nokia clustering mode (active-active) So, how can I fix the ploblem AntiSpoofing? |
| 2008-04-19 | |||
| |||
| Re: Problem with address spoofing on Nokia cluster!!!! Antispoofing is configured on the Cluster Object > Topology Tab - The Antispoof settings are shown when you select "Edit Topology" here is an example: EXAMPLE ONLY FROM DEMO MODE OF SMARTDASHBOARD  The Antispoof settings are indicated in the Topology Column on the Right Side. It is a lot easier to offer advice if you put in a screen shot of your current Topology that will show us what your antispoof settings currently are. As I asked in my previous post this can be done by... Any chance you could screenshot the Topology Tab of your Cluster Object. In particular, I mean SmartDashboard go to your Cluster Object > Topology > Edit Topology - take screenshot (ALT>Print Screen). As an aside, and nothing to do with your original question - the two sync nets you have shouldn't normally be specified as Cluster interfaces - I think it is more normal to specify these only as sync interfaces (1st Sync and 2nd Sync). What type of clustering are you using? VRRP? |
|
| Thread Tools | |
| Display Modes | |
| |
Linear Mode
