- CheckMates
- :
- Products
- :
- CloudMates Products
- :
- Cloud Network Security
- :
- Discussion
- :
- Local interface address spoofing
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Local interface address spoofing
Hello,
We ve got an issue with "Local interface address spoofing" on a Cloudguard GW.
We're running a Monitoring Solution which sends ping and snmp requests to Cloudguard Management Network.
This issue occors only for the GW which resides on the same ESXi Host where the Monitoring Solution is running. Other Cloudguard GWs can be reached without any issue. If the monitoring solution is migrated to a different ESXi Host the problem also occures on the new ESXi Host. In fw monitor I can see that traffic is hitting eth2 interface which it shouldn't. We're on the latest Patchlevel for Cloudguard on NSX-V.
I found sk105899, but im not sure if it's applicable.
How can we fix this?
Best Regards
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There are no dublicate IPs, no Hubs. Could it be a routing issue in NSX-V?
Monitoring VM: 10.20.10.1
Cloudguard GW: 10.10.10.1
Traffic hits eth2 which hasn't an IP assigned
[Expert@serviceinstance-2-xyz123:0]# fw monitor -e 'accept (src=10.10.10.1 and dst=10.20.10.1) or (src=10.20.10.1 and dst=10.10.10.1);' -m iO
monitor: getting filter (from command line)
monitor: compiling
monitorfilter:
Compiled OK.
monitor: loading
monitor: monitoring (control-C to stop)
[vs_0][fw_0] eth2:x[51]: 10.20.10.1 -> 10.10.10.1 (ICMP) len=51 id=9526
ICMP: type=8 code=0 echo request id=583 seq=25661
[vs_0][fw_0] eth2:i[51]: 10.20.10.1 -> 10.10.10.1 (ICMP) len=51 id=9526
ICMP: type=8 code=0 echo request id=583 seq=25661
[vs_0][fw_0] eth2:O[51]: 10.20.10.1 -> 10.10.10.1 (ICMP) len=51 id=9526
ICMP: type=8 code=0 echo request id=583 seq=25661
[vs_0][fw_0] eth2:X[51]: 10.20.10.1 -> 10.10.10.1 (ICMP) len=51 id=9526
ICMP: type=8 code=0 echo request id=583 seq=25661
[vs_0][fw_0] eth0:x[51]: 10.20.10.1 -> 10.10.10.1 (ICMP) len=51 id=9526
ICMP: type=8 code=0 echo request id=583 seq=25661
[vs_0][fw_0] eth0:i[51]: 10.20.10.1 -> 10.10.10.1 (ICMP) len=51 id=9526
ICMP: type=8 code=0 echo request id=583 seq=25661
[Expert@serviceinstance-2-xyz123:0]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:50:56:b1:fb:de brd ff:ff:ff:ff:ff:ff
inet 10.10.10.1/24 brd 10.129.34.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
link/ether 00:50:56:b1:f7:b1 brd ff:ff:ff:ff:ff:ff
4: eth2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:50:56:b1:1a:49 brd ff:ff:ff:ff:ff:ff
5: br1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
link/ether 00:50:56:b1:1a:49 brd ff:ff:ff:ff:ff:ff