https://community.checkpoint.com/t5/Firewall-and-Security-Management/Strange-Anti-spoof-messages-on-Cluster-IP-Address/m-p/103433#M8156 <P>I have a weird issue where if I ping a server e.g 10.9.8.7/27 it does not respond, but If I ping 10.9.8.6/27 it does work. This is via a static route to say 10.5.5.5/29 which is directly connected to interface bond1.123 on the Firewall. Cluster Address 10.5.5.1/29.&nbsp;</P><P>Upon checking logs it shows Cluster member IP address spoofing only from 10.9.8.7, not 10.9.8.6. The network 10.9.8.0/27 is specifically&nbsp; in the group to allow traffic in the anti-spoof group for Interface bond1.123.&nbsp;</P><P>Has anyone ever seen this before? when I do a cpstop it works! , All very strange.</P><P>Thanks in advance</P> Thu, 26 Nov 2020 13:49:39 GMT Alan_Camelo1 2020-11-26T13:49:39Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Strange-Anti-spoof-messages-on-Cluster-IP-Address/m-p/103433#M8156 <P>I have a weird issue where if I ping a server e.g 10.9.8.7/27 it does not respond, but If I ping 10.9.8.6/27 it does work. This is via a static route to say 10.5.5.5/29 which is directly connected to interface bond1.123 on the Firewall. Cluster Address 10.5.5.1/29.&nbsp;</P><P>Upon checking logs it shows Cluster member IP address spoofing only from 10.9.8.7, not 10.9.8.6. The network 10.9.8.0/27 is specifically&nbsp; in the group to allow traffic in the anti-spoof group for Interface bond1.123.&nbsp;</P><P>Has anyone ever seen this before? when I do a cpstop it works! , All very strange.</P><P>Thanks in advance</P> Thu, 26 Nov 2020 13:49:39 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Strange-Anti-spoof-messages-on-Cluster-IP-Address/m-p/103433#M8156 Alan_Camelo1 2020-11-26T13:49:39Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Strange-Anti-spoof-messages-on-Cluster-IP-Address/m-p/103441#M8157 <P>We have a tool in our ToolBox that might be of help: <A href="https://community.checkpoint.com/t5/SmartConsole-Extensions/Interface-Topology-for-gateways/m-p/81871" target="_self">SmartConsole Extension to show the calculated interface topology of a gateway</A></P> Thu, 26 Nov 2020 14:10:55 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Strange-Anti-spoof-messages-on-Cluster-IP-Address/m-p/103441#M8157 Danny 2020-11-26T14:10:55Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Strange-Anti-spoof-messages-on-Cluster-IP-Address/m-p/103448#M8159 <P>Thanks Danny, but I don't think that would help as the spoofing groups all look correct in the topology.&nbsp;</P><P>I'll give it a try and let you know.</P> Thu, 26 Nov 2020 14:20:38 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Strange-Anti-spoof-messages-on-Cluster-IP-Address/m-p/103448#M8159 Alan_Camelo1 2020-11-26T14:20:38Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Strange-Anti-spoof-messages-on-Cluster-IP-Address/m-p/103461#M8160 <P>Can you provide screenshots of your interface topology within SmartConsole please?</P> Thu, 26 Nov 2020 15:32:35 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Strange-Anti-spoof-messages-on-Cluster-IP-Address/m-p/103461#M8160 JackPrendergast 2020-11-26T15:32:35Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Strange-Anti-spoof-messages-on-Cluster-IP-Address/m-p/103516#M8166 <P>Hi Jack, I cant really provide screenshots but here is the best I can Show, the issue is trying to ping 10.9.8.7 (10.9.8.6 is OK)</P><P>Interface bond1.1203 - 10.5.5.1/29</P><P>Route to&nbsp;<SPAN>10.9.8.0/27 via 10.5.5.5 (next hop router)</SPAN></P><P><SPAN>Networks in spoof group for Interface bond1.1203</SPAN></P><P><SPAN>10.5.5.0/29 and&nbsp;</SPAN><SPAN>10.9.8.0/27</SPAN></P><P>Logs show Cluster spoof from 10.9.8.7 to 10.5.5.1.</P><P>Thanks in advance</P> Fri, 27 Nov 2020 10:08:00 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Strange-Anti-spoof-messages-on-Cluster-IP-Address/m-p/103516#M8166 Alan_Camelo1 2020-11-27T10:08:00Z