https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-to-check-the-target-of-source-ip-destiantion-ip-if-it-is/m-p/153702#M25820 <P>Here's a question you might be interested in.</P><P>A Checkpoint Gateway is used as Second tier Firewall. Every time we get "Network Topology" data from a Gateway object, Anti Spoofing again becomes active.</P><P><A href="https://futbolred.net/" target="_self"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="futbolred.JPG" style="width: 180px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/17291iAAC124B2B60D9441/image-size/medium?v=v2&amp;px=400" role="button" title="futbolred.JPG" alt="futbolred.JPG" /></span></A></P> Sun, 24 Jul 2022 18:41:35 GMT cuiko78 2022-07-24T18:41:35Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-to-check-the-target-of-source-ip-destiantion-ip-if-it-is/m-p/153667#M25810 <P>Dear All,</P><P>&nbsp;</P><P>Just find a question here.</P><P>&nbsp;</P><P>We are using the Checkpoint Gateway as Second tier Firewall.</P><P>&nbsp;</P><P>Every time we get "Network Topology" from the Gateway objects, the Anti Spoofing will enable again.</P><P>&nbsp;</P><P>And then the internet traffic is dropped due to the Anti-Spoofing.</P><P>&nbsp;</P><P>but if we check out the traffic log, seems we just got the "allow" message but not "Drop due to Spoofing..."</P><P>&nbsp;</P><P>Please advise.</P><P>&nbsp;</P><P>BTW, how can we disable the Anti-Spoofing forever?</P> Sat, 23 Jul 2022 06:59:28 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-to-check-the-target-of-source-ip-destiantion-ip-if-it-is/m-p/153667#M25810 BlueGrass 2022-07-23T06:59:28Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-to-check-the-target-of-source-ip-destiantion-ip-if-it-is/m-p/153668#M25811 <P>Enabling logging for "Implied Rules" in global properties.</P> <P>Which topology option do you currently use, "defined by routes" or other ?</P> Sat, 23 Jul 2022 10:11:49 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-to-check-the-target-of-source-ip-destiantion-ip-if-it-is/m-p/153668#M25811 Chris_Atkinson 2022-07-23T10:11:49Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-to-check-the-target-of-source-ip-destiantion-ip-if-it-is/m-p/153679#M25815 <P>The logging for antispoofing is located on the Topology screen for each interface here, it is set enabled by default so should be logging anti-spoofing drops unless someone changed it (the state of this checkbox should not be affected by a Get Topology operation):</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Spoof.png" style="width: 771px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/17284i0A236C67989B945D/image-size/large?v=v2&amp;px=999" role="button" title="Spoof.png" alt="Spoof.png" /></span></P> <P>There is a useful one-liner that can give you a very concise look at your anti-spoofing configuration:<A href="https://community.checkpoint.com/docs/DOC-2990" target="_blank" rel="noopener">Show Address Spoofing Networks via CLI<SPAN>&nbsp;</SPAN></A><SPAN>&nbsp;</SPAN></P> <P>If you really want to disable anti-spoofing permanently (not recommended) you will need to set these two kernel variables to a value of 0 and make the change permanent in fwkern.conf (first variable) and simkern.conf (second variable):</P> <P><STRONG>fw_antispoofing_enabled</STRONG></P> <P><STRONG>sim_anti_spoofing_enabled</STRONG></P> Sat, 23 Jul 2022 21:18:26 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-to-check-the-target-of-source-ip-destiantion-ip-if-it-is/m-p/153679#M25815 Timothy_Hall 2022-07-23T21:18:26Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-to-check-the-target-of-source-ip-destiantion-ip-if-it-is/m-p/153702#M25820 <P>Here's a question you might be interested in.</P><P>A Checkpoint Gateway is used as Second tier Firewall. Every time we get "Network Topology" data from a Gateway object, Anti Spoofing again becomes active.</P><P><A href="https://futbolred.net/" target="_self"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="futbolred.JPG" style="width: 180px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/17291iAAC124B2B60D9441/image-size/medium?v=v2&amp;px=400" role="button" title="futbolred.JPG" alt="futbolred.JPG" /></span></A></P> Sun, 24 Jul 2022 18:41:35 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-to-check-the-target-of-source-ip-destiantion-ip-if-it-is/m-p/153702#M25820 cuiko78 2022-07-24T18:41:35Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-to-check-the-target-of-source-ip-destiantion-ip-if-it-is/m-p/153730#M25860 <P>This is by design. It is the best practice to use antispoofing</P> Mon, 25 Jul 2022 09:29:37 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-to-check-the-target-of-source-ip-destiantion-ip-if-it-is/m-p/153730#M25860 _Val_ 2022-07-25T09:29:37Z