Local interface address spoofing
Hi,
Another tricky one to explain
In Azure I use UDR to route traffic out of the CloudGuard.
I then have a LoadBalancer forwarding the traffic for its external IP to the CloudGuard and then on to the internal zone on a VM.
When I try to connect to the LoadBalancer external IP the CloudGuard is blocking the connection due to Local interface address spoofing.
How can I get round this issue?
Thanks
Probably a routing issue; check your UDRs, and have you added a route for the internal networks to Gaia?
Something like
clish -c "set static-route 10.0.2.0/24 nexthop gateway address 10.0.1.1 on"
where 10.0.1.0/24 is the internal subnet
From sk115276
Local interface address spoofing drops indicate that the Security Gateway / Cluster member received a packet with a source IP address that belongs to one of the local interfaces on the Security Gateway / Cluster member.
Local interface address spoofing
Understand why there is traffic with source IP address that belongs to one of the interfaces on the Security Gateway / Cluster member.
Possible reasons:
Routing issue:
The traffic is being returned to the Security Gateway / Cluster from the next hop.
Traffic will be returned with a source IP address that belongs to the Security Gateway / Cluster.
OK, so I think I understand the problem, but not how to resolve it.
The issue, I think, is that the outbound request from the VM is routed out of the Check Point, which then hits the public IP of the LoadBalancer. The LoadBalancer then NATs the request back to the CloudGuard, which then NATs on to the destination VM (WebServer), which is also set to route all traffic out of the Check Point.
So I think it is this issue: "Understand why there is traffic with source IP address that belongs to one of the interfaces on the Security Gateway / Cluster member."
The problem is how do I fix it? I want all traffic to be routed out of the Check Point for all subnets, but I also want to be able to NAT traffic from the LoadBalancer to other endpoints via the Check Point.
Help!
Hi,
What do you mean by "which then hits the public IP of the LoadBalancer"?
For outbound traffic, you have to NAT the source IP into the Check Point GW IP, which is used as the backend pool for the LoadBalancer. The LoadBalancer will then NAT the GW IP into the public IP. (So do not NAT the internal IP into the public IP on the FW, which you may have now.)
Matthias
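To make the sk115276 drop condition and the hairpin path described in this thread concrete, here is an added Python model that is not part of the thread or of any Check Point product. All addresses, interface names and the hide-NAT / load-balancer behaviour are constructed assumptions: an internal VM whose UDR sends everything to the gateway, a gateway whose eth0 address is the load balancer's backend, and an inbound LB rule that rewrites only the destination. The trace shows that a connection from the internal VM to the LB public IP comes back to the gateway with the gateway's own eth0 address as source, which is exactly what the "Local interface address spoofing" check drops, while the same connection from an outside client passes.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple

IP = ipaddress.ip_address

# Constructed topology (assumed for this example, not values from the thread).
GW_INTERFACES = {
    "eth0": IP("10.0.1.4"),  # gateway external side, member of the LB backend pool
    "eth1": IP("10.0.2.4"),  # gateway internal side, next hop for the internal subnet's UDR
}
LB_PUBLIC_IP = IP("203.0.113.10")
LB_BACKEND = GW_INTERFACES["eth0"]
INTERNAL_VM = IP("10.0.2.10")      # VM whose UDR routes all traffic via the gateway
EXTERNAL_CLIENT = IP("198.51.100.7")


@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address


def is_local_interface_spoof(pkt: Packet, interfaces=GW_INTERFACES) -> bool:
    """sk115276 condition: a packet reaching the gateway whose source IP is one of
    the gateway's own interface addresses is dropped as 'Local interface address spoofing'."""
    return pkt.src in interfaces.values()


def gateway_egress(pkt: Packet) -> Packet:
    """Outbound hide NAT on the gateway (assumed): internal sources leave as eth0's address."""
    return Packet(src=GW_INTERFACES["eth0"], dst=pkt.dst)


def load_balancer(pkt: Packet) -> Packet:
    """Inbound LB rule (assumed): destination NAT to the backend, source IP preserved."""
    if pkt.dst == LB_PUBLIC_IP:
        return Packet(src=pkt.src, dst=LB_BACKEND)
    return pkt


def trace_flow(client: ipaddress.IPv4Address, via_gateway: bool) -> Tuple[List[str], bool]:
    """Walk one connection attempt from `client` to the LB public IP and report whether
    the gateway's anti-spoofing check fires when the LB hands the packet back to it."""
    log = []
    pkt = Packet(src=client, dst=LB_PUBLIC_IP)
    log.append(f"client sends      {pkt.src} -> {pkt.dst}")
    if via_gateway:
        # The internal VM's UDR sends the request out through the gateway first.
        pkt = gateway_egress(pkt)
        log.append(f"gateway hide NAT  {pkt.src} -> {pkt.dst}")
    pkt = load_balancer(pkt)
    log.append(f"LB forwards       {pkt.src} -> {pkt.dst}")
    dropped = is_local_interface_spoof(pkt)
    verdict = "DROP local interface address spoofing" if dropped else "ACCEPT"
    log.append(f"gateway ingress   {verdict}")
    return log, dropped


if __name__ == "__main__":
    for name, client, via_gw in [("internal VM via UDR", INTERNAL_VM, True),
                                 ("external client", EXTERNAL_CLIENT, False)]:
        lines, _ = trace_flow(client, via_gw)
        print(f"== {name} ==")
        print("\n".join(lines))
```

Running the script prints both traces; the internal-VM case ends in the spoofing drop because the packet's source after hide NAT and LB forwarding is the gateway's own eth0 address, which is the situation the sk115276 text calls a routing issue, whereas the external-client case is accepted.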