CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Thread: Anti-Spoofing in same network segment

  1. #1
    Join Date
    2017-04-08
    Posts
    1
    Rep Power
    0

    Anti-Spoofing in same network segment

    Hi All,

    Please help me understand anti-spoofing within the same network segment. For example, I have 2 hosts (Host 1: 10.0.0.1/24 and Host 2: 10.0.0.2/24). Both hosts reside on the internal side of the firewall. The firewall's internal port IP is 10.0.0.254/24. Now, if Host 2 spoofs Host 1's IP address and sends traffic towards the outside, how will anti-spoofing work in this case? How will the firewall detect that this is a spoofed IP address?

    Thanks

  2. #2
    Join Date
    2014-09-02
    Posts
    251
    Rep Power
    10

    Re: Anti-Spoofing in same network segment

    Very common question and often misunderstood. It's one of Check Point's least intuitive settings.

    Basically, the Anti-Spoofing setting on an interface determines what source IP addresses are valid to enter through that interface. If a packet comes in through eth0 that's not in eth0's "topology", anti-spoofing will drop it (if active).

    A simple guideline is often routing. In most cases, you'll also have to have static routes defined for any internal networks/hosts that aren't connected to the same subnet as the interface. In other words, look at your routing entries, and make sure any static routing is accounted for in topology.

    In your example, anti-spoofing will do nothing. If the two hosts are on the same network, and that network is included in the anti-spoofing definition, it'll be considered valid. Usually, spoofing is used to reach a network that you're not actually on.

    -E
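
The check described in the reply above, modelled in Python as an added example (not part of the original posts and not Check Point code). The interface names, the 10.1.0.0/16 static route, the 172.16.5.0/24 segment and the rule that the external interface accepts only sources not defined behind another interface are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample: interface -> networks routed through it (connected + static).
# eth1 is the thread's 10.0.0.0/24 segment (firewall IP 10.0.0.254); 10.1.0.0/16 is a
# hypothetical static route via an internal router; eth2 is a hypothetical second segment.
ROUTES = {
    "eth1": ["10.0.0.0/24", "10.1.0.0/16"],
    "eth2": ["172.16.5.0/24"],
}
EXTERNAL = "eth0"  # assumption: external side = every address not behind another interface


def build_topology(routes):
    """Derive each interface's valid-source list from its routing entries."""
    return {ifc: [ipaddress.ip_network(n) for n in nets] for ifc, nets in routes.items()}


def antispoof_verdict(topology, in_iface, src):
    """Decide on (ingress interface, source IP) only; nothing else is an input."""
    addr = ipaddress.ip_address(src)
    behind = {ifc for ifc, nets in topology.items() if any(addr in n for n in nets)}
    if in_iface == EXTERNAL:
        # An internal source address showing up on the outside is spoofed.
        return "drop" if behind else "accept"
    return "accept" if in_iface in behind else "drop"


def demo():
    topo = build_topology(ROUTES)
    packets = [  # constructed (ingress interface, source IP) pairs
        ("eth1", "10.0.0.2"),      # Host 2 using its own address
        ("eth1", "10.0.0.1"),      # Host 2 using Host 1's address: same verdict
        ("eth1", "10.1.4.7"),      # routed internal network, covered by the static route
        ("eth1", "172.16.5.9"),    # address that belongs behind eth2
        ("eth0", "10.0.0.1"),      # internal address arriving from outside
        ("eth0", "198.51.100.7"),  # ordinary external source
    ]
    return [(ifc, src, antispoof_verdict(topo, ifc, src)) for ifc, src in packets]


if __name__ == "__main__":
    for ifc, src, verdict in demo():
        print(f"{ifc:5} {src:15} {verdict}")
```

Because the verdict depends only on the ingress interface and the source address, the two eth1 packets from 10.0.0.1 and 10.0.0.2 are indistinguishable to this check.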
