Reinhard Stich wrote:
hi,
IP-addresses that are configured on any other "internal" interfaces will
not be allowed as source-IP from the external interface.
Also, on an internal interface packets whose source address does not
match the networks defined on that interface will be dropped.
The anti-spoofing checks also apply to packets leaving an interface,
but you should only see anti-spoofing drops for packets leaving the
system if your routing table and topology are inconsistent.
Anti-spoofing has nothing directly to do with RFC1918 addresses.
At 15:32 04.05.2004, you wrote:
Hello everyone,
i have a question about how anti-spoofing work on checkpoint firewall NG
AI.
If I configure on the topology tab of my gateway one interface as
external, does that mean private ip (rfc1918) coming from this interface
will be consider as spoofing or not ?
--
Crist J. Clark [EMAIL PROTECTED]
Globalstar Communications (408) 933-4387
The information contained in this e-mail message is confidential,
intended only for the use of the individual or entity named above.
If the reader of this e-mail is not the intended recipient, or the
employee or agent responsible to deliver it to the intended recipient,
you are hereby notified that any review, dissemination, distribution or
copying of this communication is strictly prohibited. If you have
received this e-mail in error, please contact [EMAIL PROTECTED]
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
