Firewall-1
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [FW-1] Need help. Can't turn off anti-spoofing.

from jim [Permanent Link]
Subject: Re: [FW-1] Need help. Can't turn off anti-spoofing.
From: jim <jim AT FIXMYFIREWALL DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Sat, 24 May 2003 23:48:59 +0100 
Check through the objects_5_0.C file on the manager and check for entries
"spoofing (true)"

For interface definitions, you want these to be false, I've had problems
where unchecking it in the GUI didn't write it to the file.

Jim

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Robert
MacKinnon
Sent: 24 May 2003 14:01
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] Need help. Can't turn off anti-spoofing.


Env:  Nokia IP120, IPSO 3.6 FCS6,  FW-1 NG FP3

I'm trying to debug a VPN problem and have created a very simple test setup
consisting of a client PC running Securemote NG, the Nokia FW and a target
server.  The SR client hangs off eth1 with a hub, the server hangs off eth2
with another hub and eth3 is connected to the management server through a
switch.

Packets from the client keep getting rejected on rule 0 with local interface
antispoofing errors.  I've defined the interface as external and this is
understandable so I turned off perform anti-spoofing on all interfaces.
Packets still get rejected.  So I redefined the eth1 interface as internal
with IP addresses based on topology and again anti-spoofing off everywhere.
Still packets are rejected.  I can't find any property in Global properties
that control anti-spoofing either.

Is this normal behaviour for NG FP3?  What have I missed?  Or maybe I am
just unlucky.

         - Rob.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [FW-1] Upgrading to FP3 HF2 in redundant cluster configuration, Yinal OZKAN
Next by Date:  [FW-1] Checkpoint to Astaro, Stefan . Wiederoder
Previous by Thread:  [FW-1] Need help. Can't turn off anti-spoofing., Robert MacKinnon
Next by Thread:  [FW-1] Checkpoint to Astaro, Stefan . Wiederoder
Indexes:  [Date] [Thread] [Top] [All Lists]