Inline.
1: your xxx.xxx.10.1 firewall external interface and the xxx.xxx.10.254
router interface are indeed on the same subnet. The router is a host on
the external subnet.
Correct.
2: Check your anti-spoofing configuration for the external interface on
the firewall object (defaults to being called "cpmodule"). You should
have the "External (leads out to the Internet) button checked.
It has always been "external (leads out to internet)"
3: the static route pointing traffic to the xxx.xxx.10.1 firewall
external interface is good.
OK.
4: what type of ICMP traffic is it? A redirect, a ping, a traceroute,
???
Hmmm, looking into it further shows something interesting. The router is
configured to send its logs to the SmartCenter via syslog.
Information:
ICMP: Host Redirect
ICMP Type: 5
ICMP Code: 1
message_info: Address spoofing
When I have them stop sending of the the syslogs from the router, the
spoofing entry stops as well.
Thanks for all of the help, folks. I'll dump this back on the router people
because it just looks like some kind of nuisance entry.
Ray
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
