That's correct. Anti-spoofing config is unique to each firewall cluster, so your definition of "external" for anti-spoofing can be different on different firewall clusters, if that's how your network is designed. It doesn't matter if they're all managed by the same SmartCenter server or not.
-----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On Behalf Of Fred Damstra Sent: Monday, June 21, 2010 19:24 To: [email protected] Subject: [FW-1] Anti-spoofing and the External Interface As I understand it, antispoofing is enforced on the external interface by disallowing any of the IP addresses that are assigned to the topology for internal interfaces. Is this accurate? What happens if you have multiple firewalls (or multiple clusters of firewalls) that are not connected via VPN. Can IP's that are internal to one of the firewalls show up on the external interface of a different firewall? Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= *************************************************************************** The information contained in this communication is confidential, is intended only for the use of the recipient named above, and may be legally privileged. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please resend this communication to the sender and delete the original message or any copy of it from your computer system. Thank You. **************************************************************************** Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
