Re: [FW1] anti-spoofing on aliased interfaces

[Karim Ismail/Markham/Contr/AT&T/IJV]

Lance

the virtual addresses do not show up in FW-1 interfaces screen

FW-1 ignores virtual interfaces, so anti-spoofing is performed on the
physical interface.    if you want to use virtual
interfaces with anti-spoofing, define 2 net objects (one for each subnet)
and create a group consisting of those objects.
then you can put the group in the physical interfaces anti-spoofing entry,
just as if there were another physical network
connected to the interface.



Karim Ismail
Internet: [EMAIL PROTECTED]


Lance Spitzner <[EMAIL PROTECTED]> on 09/29/2000 02:33:53 PM

Please respond to Lance Spitzner <[EMAIL PROTECTED]>

To:   [EMAIL PROTECTED]
cc:
Subject:  [FW1] anti-spoofing on aliased interfaces





I've aliased an interface (hme0:1) on FW ver 4.1, running on Solaris.

Can one add an aliased interface to the interface objects
on a firewall?

Can one setup anti-spoofing on an aliased interface?

Last, does the aliased interface show up on the 'fw stat -li'
command?

Thanks!

--
Lance Spitzner
http://www.enteract.com/~lspitz




================================================================================

     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================





================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================