https://community.checkpoint.com/t5/Firewall-and-Security-Management/VSX-anti-spoofing-DETECT-behavior-question/m-p/10492#M639 <HTML><HEAD></HEAD><BODY><P>Probably silly question but I assume that pushed both topology and policy after you set spoofing to detect mode? I'm still confused how it failed to work correctly when you have tooiloto set to automatic. Sounds really strange.</P></BODY></HTML> Thu, 07 Mar 2019 21:08:39 GMT Kaspars_Zibarts 2019-03-07T21:08:39Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VSX-anti-spoofing-DETECT-behavior-question/m-p/10489#M636 <HTML><HEAD></HEAD><BODY><P>Hello Everyone!</P><P></P><P>I'm wondering, is there someone, who already face the following issue with r77.30 VSX:</P><P>I set an interface anti-spoofing of a VS to DETECT, because I had many drops and have no time to set all the routings.</P><P>However the traffic is still not went through the firewall as it should be, but in the tracker, I saw the detect events.</P><P>So I had to completely turned off the ants-spoofing protection on that interface, then all is good.</P><P></P><P>What do you think, this is a bug, an undocumented feature or just I missed something in the official documentation?</P><P></P><P>Thx for the answers!</P><P></P><P>Balint</P></BODY></HTML> Wed, 06 Mar 2019 11:33:15 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VSX-anti-spoofing-DETECT-behavior-question/m-p/10489#M636 Balint_Elteto 2019-03-06T11:33:15Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VSX-anti-spoofing-DETECT-behavior-question/m-p/10490#M637 <HTML><HEAD></HEAD><BODY><P>Is it possible that traffic passed multiple VSes and/or interfaces so it was dropped somewhere else by spoofing? And when you disabled spoofing completely it covered missing interfaces?</P><P></P><P>In any case - instead of trying to fix this detect issue I would rather spend time to fix routing and spoofing <img id="smileyhappy" class="emoticon emoticon-smileyhappy" src="https://community.checkpoint.com/i/smilies/16x16_smiley-happy.png" alt="Smiley Happy" title="Smiley Happy" /></P><P></P><P>You know that you can use automatic spoofing calculation based on existing routing?</P><P></P><P><IMG class="image-1 jive-image" src="https://community.checkpoint.com/legacyfs/online/checkpoint/79837_pastedImage_2.png" /></P></BODY></HTML> Wed, 06 Mar 2019 14:44:35 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VSX-anti-spoofing-DETECT-behavior-question/m-p/10490#M637 Kaspars_Zibarts 2019-03-06T14:44:35Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VSX-anti-spoofing-DETECT-behavior-question/m-p/10491#M638 <HTML><HEAD></HEAD><BODY><P>Thanks for the answer!</P><P>No other vs/interface involved. Also I see the traffic with DETECT action in the tracker.</P><P>Just not arrives to the destination.</P><P>Of course, my plan is to correct the routing for sure. But it was a strange behavior which surprised me and cause some uncomfortable hours.</P><P></P><P>I'm using the auto cal on every VS with prevent settings. But there were lot of routes missing and the "set to detect" was the fastest solution to my problem.</P><P></P><P>btw, the interface is a wrp to a virtual switch. Maybe that had something do with this.</P></BODY></HTML> Thu, 07 Mar 2019 12:11:00 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VSX-anti-spoofing-DETECT-behavior-question/m-p/10491#M638 Balint_Elteto 2019-03-07T12:11:00Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VSX-anti-spoofing-DETECT-behavior-question/m-p/10492#M639 <HTML><HEAD></HEAD><BODY><P>Probably silly question but I assume that pushed both topology and policy after you set spoofing to detect mode? I'm still confused how it failed to work correctly when you have tooiloto set to automatic. Sounds really strange.</P></BODY></HTML> Thu, 07 Mar 2019 21:08:39 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VSX-anti-spoofing-DETECT-behavior-question/m-p/10492#M639 Kaspars_Zibarts 2019-03-07T21:08:39Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VSX-anti-spoofing-DETECT-behavior-question/m-p/10493#M640 <HTML><HEAD></HEAD><BODY><P><img id="smileyhappy" class="emoticon emoticon-smileyhappy" src="https://community.checkpoint.com/i/smilies/16x16_smiley-happy.png" alt="Smiley Happy" title="Smiley Happy" />&nbsp; I pushed the policy.</P><P>Anyway, when I'll have more time to play, I'll set up a test VS on this vsx cluster and do some test/troubleshoot.</P><P>Maybe this was some mysterious event, which will never come up again.</P><P></P><P>Thx for your notes</P></BODY></HTML> Fri, 08 Mar 2019 07:17:16 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VSX-anti-spoofing-DETECT-behavior-question/m-p/10493#M640 Balint_Elteto 2019-03-08T07:17:16Z