Another anti-spoofing issue

[crucial]

My firewall log is filling up with address spoofing messages from a specific host on our internal network.

The address is x.192.240.10, a DNS server with a public IP on the internal network. This host is repeatedly being blocked by address spoofing when attempting to reach each of the root DNS servers on UDP/53 :

a.root-servers.net
b.root-servers.net
c.root-servers.net
etc

The antispoofing is manually configured on the cluster interface. On the internal interface, the group contains two networks for antispoofing: x.192.192.0/18 and 10.0.0.0/8

There is no NAT being done on this server.

The x.192.192.0/18 group should include the x.192.240.10 host for anti-spoofing. Any help is greatly appreciated. Thanks

[RayPesek]

Is the subnet mask for the anti-spoofing network 255.255.192.0? If so, maybe CP doesn't understand it. Try 255.255.0.0 temporarily and see if that fixes it.

Ray

[crucial]

Thanks. I'll give that a shot during the next maintenance window.

Is it common for Checkpoint to misunderstand some subnet masks?

[RayPesek]

No, but like you I think you did the math right, so it's the only thing I can come up with. What version and hotfix level are you at?

Ray