L3on
Participant

Anti-Spoofing option "Don't check packets from" is greyed out

Hello mates, 

Does anybody have any idea about why the AntiSpoofing option "Don't check packets from" is greyed out? 

How can I enable this option? It is selectable only in External interfaces, but not in the Internal ones. 

Screenshot included taken from a cluster object interface... 

 

* Quantum Security Gateways version: R81.20 JHF Take 89 

 


Accepted Solutions
G_W_Albrecht
Legend

This is only possible when Internet (External) is chosen as interface. Makes sense.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist


Lesley
Mentor

This option is only for external interfaces:

  • Don't check packets from - Select this option to make sure anti-spoofing does not take place for traffic from internal networks that reaches the external interface. Define a network object that represents those internal networks with valid addresses, and from the drop-down list, select that network object. The anti-spoofing enforcement mechanism disregards objects selected in the Don't check packets from drop-down menu.

-------
If you like this post please give a thumbs up(kudo)! 🙂
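
A simplified model of the behaviour described in the answer above, as an added example that is not part of the original post and is not Check Point code. Interface names, networks and the function name are constructed; the model assumes that an external interface treats a source address belonging to a network defined behind another interface as spoofed, and that an internal interface accepts only the sources listed in its own topology, which is why an exception list has a role only on the external side.

```python
import ipaddress

# Constructed topology: interface names and networks are hypothetical.
INTERNAL_TOPOLOGY = {
    "eth1": ["10.1.0.0/16"],     # LAN defined behind an internal interface
    "eth2": ["172.16.10.0/24"],  # DMZ defined behind another internal interface
}
EXTERNAL_IFACE = "eth0"
# Network object selected under "Don't check packets from" on the external interface.
DONT_CHECK_FROM = ["10.1.50.0/24"]


def _in_any(addr, networks):
    """True if addr falls inside any of the given CIDR networks."""
    return any(addr in ipaddress.ip_network(n) for n in networks)


def antispoof_verdict(iface, src, exceptions=DONT_CHECK_FROM):
    """Return 'accept' or 'spoofed' for a packet with source src arriving on iface."""
    addr = ipaddress.ip_address(src)
    if iface == EXTERNAL_IFACE:
        # Objects in the exception list are disregarded by the check.
        if _in_any(addr, exceptions):
            return "accept"
        # Otherwise an internal source showing up on the external side is spoofed.
        internal = any(_in_any(addr, nets) for nets in INTERNAL_TOPOLOGY.values())
        return "spoofed" if internal else "accept"
    # Internal interface: valid sources are exactly the networks in its topology,
    # so a missing network is fixed by extending the topology, not by an exception.
    return "accept" if _in_any(addr, INTERNAL_TOPOLOGY.get(iface, [])) else "spoofed"


if __name__ == "__main__":
    # Constructed sample packets: (arrival interface, source address).
    samples = [
        ("eth0", "203.0.113.9"),   # public source on external
        ("eth0", "10.1.2.3"),      # internal source on external, not excepted
        ("eth0", "10.1.50.7"),     # internal source on external, excepted
        ("eth1", "10.1.2.3"),      # correct source on internal
        ("eth1", "172.16.10.5"),   # DMZ source arriving on the LAN interface
    ]
    for iface, src in samples:
        print(f"{iface:5} {src:15} {antispoof_verdict(iface, src)}")
```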


6 Replies
AkosBakos
Leader

Hi @L3on 

If you uncheck "Specify Security Zone", then you will be able to select "Don't check packets from:"?

Hm, same here, interesting:

2025-02-07 13_29_03-Topology Settings.png

Akos

----------------
\m/_(>_<)_\m/
AkosBakos
Leader

Ohh, I think you want to do this. I misled myself 🙂

2025-02-07 14_38_40-Topology Settings.png

Typical transit LAN settings...

Akos

----------------
\m/_(>_<)_\m/
AkosBakos
Leader

@L3on do you want to create a transit LAN?

----------------
\m/_(>_<)_\m/
L3on
Participant

Actually, the CheckPoint firewall is at the edge of the topology, through which several networks access the internet. 
Those networks are behind another (internal) firewall and are NATed by this CheckPoint firewall. 
