You don't.
You let FW-1 handle it for you.

I guess, though I haven't tried,
you could create rules to block all traffic
that has the same origin as destination subnet,
like you would do per interface on a router.
You would have one rule per interface (or per subnet, to be exact):

Src             Dest            Service         Action
Subnet_1        Subnet_1        Any             Drop
Subnet_2        Subnet_2        Any             Drop
etc...

This sounds messy though, since FW-1 can handle this
by itself.

In the properties window for your firewall object,
you specify anti-spoofing settings per interface.
In there, you can set up which subnets are allowed to
send traffic through on a specific interface.

For instance, a very standard setup would be:

Internal interface:     "This net"
External interface:     "Others"

If you check the archives at
www.securepoint.com
or search Google (include "firewall-1 mailing list" in search),
you will find plenty of descriptions of these settings.


Cheers,
Anders :)



> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: 1 October 2001 20:43
> To: [EMAIL PROTECTED]
> Subject: [FW1] anti-spoofing
> 
> 
> 
> Hi all! 
> 
> How can I define anti-spoofing rule? 
> 
> tks, 
> Renato 
> 
> 
> 
> 
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================
> 
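
The per-interface check described in the reply above, as an added example that is not part of the original e-mail and is not Check Point code: a simplified Python model in which "This net" admits only sources inside the interface's own subnet and "Others" admits only sources that belong to no other interface's subnet. The interface names and address ranges are constructed, and this reading of the two settings is an assumption.

```python
import ipaddress

# Constructed topology: hypothetical interface names, documentation/private ranges.
INTERFACES = {
    "internal": {"net": ipaddress.ip_network("10.1.1.0/24"), "valid": "This net"},
    "dmz": {"net": ipaddress.ip_network("192.168.50.0/24"), "valid": "This net"},
    "external": {"net": ipaddress.ip_network("203.0.113.0/29"), "valid": "Others"},
}


def source_allowed(iface, src):
    """Return True if a packet arriving on `iface` may carry source address `src`."""
    addr = ipaddress.ip_address(src)
    cfg = INTERFACES[iface]
    if cfg["valid"] == "This net":
        # Only the subnet directly attached to this interface is a valid source.
        return addr in cfg["net"]
    if cfg["valid"] == "Others":
        # Valid unless the source belongs to a subnet behind another interface.
        return not any(
            addr in other["net"]
            for name, other in INTERFACES.items()
            if name != iface
        )
    raise ValueError("unknown anti-spoofing setting: %r" % cfg["valid"])


def verdicts(packets):
    """Map (interface, source) pairs to an accept/drop decision."""
    return [
        (iface, src, "accept" if source_allowed(iface, src) else "drop")
        for iface, src in packets
    ]


if __name__ == "__main__":
    # Constructed sample packets: (arrival interface, claimed source address).
    sample = [
        ("internal", "10.1.1.20"),     # genuine internal host
        ("internal", "198.51.100.7"),  # outside address appearing on the inside
        ("external", "198.51.100.7"),  # ordinary Internet source
        ("external", "10.1.1.20"),     # internal address arriving from outside
        ("dmz", "10.1.1.20"),          # internal address arriving from the DMZ
    ]
    for iface, src, decision in verdicts(sample):
        print("%-9s %-15s %s" % (iface, src, decision))
```
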

