This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Firewall_Head
Explorer
‎2025-03-09 09:54 AM

A simple question on Anti-spoofing ?

Hi Checkmates,

First, please have a look at the snap of my topology.Anti-spoofing.jpg
1> When I try to take SSH of the interface eth2 from PC1, why am I not denied the access by anti-spoofing, because I come with a different IP (10.10.10.10) to eth2 interface.

2> Will my request get internally routed within the Check Point GW and get accepted ?

Can somebody help me with my simple question.

Thanks in advance !

======

WR,

FH

0 Kudos
4 Replies
Alex-
Leader Leader
Leader
‎2025-03-09 10:19 AM

You come from eth1 with subnet 10.10.10.0/24 with an IP in that range, so anti-spoofing won't block you there.

The access control policy could allow or block you.

Anti-spoofing, depending how it's configured, will check the validity of the source IP incoming on any given interface, to put it simply.

 

Eth2 would perform anti-spoofing if you came in with 10.10.10.10 as source on that interface if you choose to match interface IP and range for instance.

0 Kudos
Firewall_Head
Explorer
‎2025-03-09 10:38 AM
In response to Alex-

Thanks for the reply @Alex- ,

So how many times is the traffic inspected at the firewall, won't it check the SRC IP is 10.10.10.10 and the DST is 20.20.20.0/24 and block it.

Can you put this step by step please ?

====

WR,

FH

0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2025-03-09 10:41 AM
In response to Firewall_Head

See here:

A Primer on Anti-spoofing

Attend my Gateway Performance Optimization R81.20 course
CET (Europe) Timezone Course Scheduled for July 1-2
0 Kudos
the_rock
Legend
Legend
‎2025-03-09 06:33 PM

Hey brother,

@Alex- is 100% right. Btw, check below, I find its basic, but an EXCELLENT reference.

Andy

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_SecurityManagement_AdminGuide/Topi...

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top