Danny
Champion

How to check if Anti-Spoofing is enabled and set to Prevent mode for each interface on CLI?

Which CLI command will let me know if each interface has Anti-Spoofing enabled and set to Prevent mode?
This command is not specific enough:

fw ctl get int fw_antispoofing_enabled
0 Kudos
3 Replies
Timothy_Hall
Champion

I don't believe there is a way to pull this information directly out of the running kernel, but the cached policy INSPECT files on the gateway can be queried for this info using this tool:

https://community.checkpoint.com/t5/Enterprise-Appliances-and-Gaia/Show-Address-Spoofing-Networks-vi...

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
PhoneBoy
Admin

That kernel variable just tells you that it's been disabled in the kernel. You need to query the actual installed policy to see if it's really enabled or not.
0 Kudos
Danny
Champion

Thanks. This command will easily show if there is at least one interface not running in Prevent mode:

grep ":monitor_only (true)" $FWDIR/state/local/FW1/local.set

and this command shows if there is at least one interface that has Anti-Spoofing disabled:

grep ":has_addr_info (false)" $FWDIR/state/local/FW1/local.set

I also added these checks to our ccc script.

0 Kudos
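
The two checks from the post above combined into one audit function, as an added example that is not part of the original thread. It reports a missing or unreadable policy file as an error instead of as a clean result, which a bare grep exit-status test would not distinguish. Assumptions: the function name, exit codes and messages are this example's own, and the sample file is constructed from the two attributes named in the post, not from a real local.set.

```shell
#!/bin/sh
# Added example: audit the installed policy for the two anti-spoofing findings.
# Return status: 0 = neither pattern present
#                1 = at least one finding
#                2 = policy file missing or unreadable (never treat as clean)
audit_antispoofing() {
    set_file=${1:-"$FWDIR/state/local/FW1/local.set"}
    if [ ! -r "$set_file" ]; then
        echo "ERROR: cannot read $set_file" >&2
        return 2
    fi
    findings=0
    # -F matches the strings literally; -c counts matching lines.
    # grep -c exits 1 on zero matches, hence the "|| true".
    detect=$(grep -cF ':monitor_only (true)' "$set_file") || true
    disabled=$(grep -cF ':has_addr_info (false)' "$set_file") || true
    if [ "$detect" -gt 0 ]; then
        echo "WARN: $detect line(s) with monitor_only (true): not in Prevent mode"
        grep -nF ':monitor_only (true)' "$set_file"
        findings=1
    fi
    if [ "$disabled" -gt 0 ]; then
        echo "WARN: $disabled line(s) with has_addr_info (false): Anti-Spoofing disabled"
        grep -nF ':has_addr_info (false)' "$set_file"
        findings=1
    fi
    if [ "$findings" -eq 0 ]; then
        echo "OK: no interface in monitor-only mode or without Anti-Spoofing"
    fi
    return "$findings"
}

# Demo on a constructed sample (only the two attributes, not a real file layout).
sample=$(mktemp)
printf '%s\n' ':has_addr_info (true)' ':monitor_only (true)' > "$sample"
audit_antispoofing "$sample" || echo "audit status: $?"
rm -f "$sample"
```

On a gateway, calling `audit_antispoofing` with no argument reads the path used in the post.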
