Antispoofing Detect Bypassing ACL Policy
Hello,
I have a Check Point cluster in AWS whose external interface topology is defined as:
eth0: defined by routes
Antispoofing - Detect
This is due to the fact that some private IPs are also hitting eth0 for communication, hence Antispoofing is set to Detect.
There is a requirement where I need to allow access to an internal web server from a specific group of public IPs only. The problem is that even after restricting it in the ACL, traffic is getting allowed from all over the Internet, and the logs for that access are under Action - "Detect". Somehow it's not hitting the ACL. Is this the expected behaviour? Why is the traffic not hitting the ACL when Antispoofing is set to Detect?
Thanks
3 Replies
What precise version/JHF level?
What precise rules have you configured?
Need a network diagram of the relevant resources and a snapshot of the relevant rules.
The log entries should also tell you precisely what rules are being hit.
It's R80.40. The rules are for normal traffic, plus one rule for incoming traffic to the web server from the Internet, followed by an any-any deny.
The log entries show the source and destination and the action as "Detect", but no ACL rule number in these entries.
One thing I would like to point out is that the web server is NATed with the firewall interface IP. Can this be an issue?
Possibly, but you’ve given no precise details about the configuration, the logs, etc.
The more precise details you can provide, the more likely we can help.
If you don’t want to share the details publicly, I suggest working with the TAC or your local Check Point SE.