Pearl

How to check if Anti-Spoofing is enabled and set to Prevent mode for each interface on CLI?

Which CLI command will let me know if each interface has Anti-Spoofing enabled and set to Prevent mode?
This command is not specific enough:

fw ctl get int fw_antispoofing_enabled
0 Kudos
3 Replies

Re: How to check if Anti-Spoofing is enabled and set to Prevent mode for each interface on CLI?

I don't believe there is a way to pull this information directly out of the running kernel, but the cached policy INSPECT files on the gateway can be queried for this info using this tool:

https://community.checkpoint.com/t5/Enterprise-Appliances-and-Gaia/Show-Address-Spoofing-Networks-vi...

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com
Admin

Re: How to check if Anti-Spoofing is enabled and set to Prevent mode for each interface on CLI?

That kernel variable just tells you that it's been disabled in the kernel. You need to query the actual installed policy to see if it's really enabled or not.
0 Kudos
Pearl

Re: How to check if Anti-Spoofing is enabled and set to Prevent mode for each interface on CLI?

Thanks. This command will easily show if there is at least one interface not running in Prevent mode:

grep ":monitor_only (true)" $FWDIR/state/local/FW1/local.set

and this command shows if there is at least one interface that has Anti-Spoofing disabled:

grep ":has_addr_info (false)" $FWDIR/state/local/FW1/local.set

I also added these checks to our ccc script.

0 Kudos
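
Added example (not part of the thread, and not Check Point's or the poster's ccc code): the two grep checks from the last reply combined into one shell function that counts matching lines and separates "no match" from "file not readable", since a bare grep leaves stdout empty in both cases. The function names, exit codes and sample lines are assumptions made for this example; only the two markers and the file path come from the thread.

```shell
#!/bin/sh
# check_antispoofing FILE
#   Prints a one-line summary and returns:
#     0  no ":monitor_only (true)" and no ":has_addr_info (false)" lines
#     1  at least one such line (not in Prevent mode / Anti-Spoofing disabled)
#     2  FILE is missing or unreadable, so the result is unknown
check_antispoofing() {
    set_file=$1
    if [ ! -r "$set_file" ]; then
        echo "UNKNOWN: cannot read $set_file"
        return 2
    fi
    # -c counts matching lines, -F matches the marker as a literal string.
    # grep exits 1 when the count is 0, so "|| true" keeps "set -e" callers alive.
    detect=$(grep -cF ':monitor_only (true)' "$set_file" || true)
    no_as=$(grep -cF ':has_addr_info (false)' "$set_file" || true)
    if [ "$detect" -eq 0 ] && [ "$no_as" -eq 0 ]; then
        echo "OK: no monitor_only(true) or has_addr_info(false) entries"
        return 0
    fi
    echo "WARN: monitor_only(true)=$detect has_addr_info(false)=$no_as"
    return 1
}

# write_sample FILE
#   Constructed sample: only the two markers are taken from the thread; the
#   one-marker-per-line layout is simplified and is NOT the real local.set format.
write_sample() {
    cat > "$1" <<'EOF'
:has_addr_info (true)
:monitor_only (false)
:has_addr_info (true)
:monitor_only (true)
:has_addr_info (false)
EOF
}

# Demo on the constructed sample. On a gateway, pass the path from the post:
#   check_antispoofing "$FWDIR/state/local/FW1/local.set"
demo=$(mktemp)
write_sample "$demo"
check_antispoofing "$demo" || true
rm -f "$demo"
```

The counts are matching lines in the cached policy file, not a per-interface listing; the thread does not show which interface each marker belongs to.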