cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted
Nickel

Ping between SYNC being dropped by Anti-spoofing

I have an R80.20 cluster. The SYNC interfaces are configured as follows:

FW1 - 192.168.199.1/255.255.255.252

FW2 - 192.168.199.2/255.255.255.252

 

Antispoofing (from the default) is as follows:

Leads To - This Network (Internal)

Security Zone - User defined (I have never defined any security zones)

Anti-spoofing - Perform anti-spoofing based on interface topology

 

In the firewall logs, after I ping from .1 to .2 I see the ICMP being permitted, immediately followed by a DROP and a statement 'Cluster member IP is being spoofed'.

What am I missing in my antispoofing config? Its at the default.

0 Kudos
2 Replies
Highlighted
Nickel

Re: Ping between SYNC being dropped by Anti-spoofing

Update

I scrutinized the logs again and the logger shows the source as being the SYNC interface of a DIFFERENT firewall cluster in our environment. The SYNC connections are direct, not through a switch. How is that possible?

Does that mean we cannot use the same, small, 192.168.199.0/30 network on all of our SYNC interfaces? They have to be different?

0 Kudos
Highlighted
Admin
Admin

Re: Ping between SYNC being dropped by Anti-spoofing

What's the routing table look like on the affected gateway?
Because you should be able to use the same (private) sync network on each cluster, AFAIK.
0 Kudos