Anti-Spoofing "Interface leads to DMZ" check box

[ChrisA]

We're running R62. This checkbox is under the Internal radio button in the Topology tab of the Interface. It seems that you might check this box instead of selecting a radio button under "IP Addresses behind this interface", but I'm not sure, I don't ever recall seeing the option, and I can't find any mention of it in the manuals. Does anyone know how this option works? Better yet, can you point me to the place in the docs where it is described/explained? Thank you all!

[RobertGraham]

Great question!

The help file is clear as mud. All it says is that the DMZ is considered an internal network. I also searched the PDFs and the SK - nothin.

I have to defer to some of the other, wiser, more knowledgeable folks here - I'm stumped. If no one answers, you should submit a request to the people at CheckPoint who maintain the help files.

[MarioL]

Wasn't easy, but I think I "found" it. It's a UTM-1 only thing.

Read this one "CheckPoint_R62_Firewall_SmartDefense_UserGuide.pd f", page 198.

Basically it's informational only, so that when you are defining your Anti-virus policies you can define what traffic flows you want to scan.

If you go to the "Content Inspection" tab and select one of the protocols to be scanned you will see what I mean. The scan is by default based on "File direction" and there are some drop down boxes with a few options. The DMZ checkbox will influence these.