Create a Post
Showing results for 
Search instead for 
Did you mean: 

Ping between SYNC being dropped by Anti-spoofing

I have an R80.20 cluster. The SYNC interfaces are configured as follows:

FW1 -

FW2 -


Antispoofing (from the default) is as follows:

Leads To - This Network (Internal)

Security Zone - User defined (I have never defined any security zones)

Anti-spoofing - Perform anti-spoofing based on interface topology


In the firewall logs, after I ping from .1 to .2 I see the ICMP being permitted, immediately followed by a DROP and a statement 'Cluster member IP is being spoofed'.

What am I missing in my antispoofing config? Its at the default.

0 Kudos
2 Replies


I scrutinized the logs again and the logger shows the source as being the SYNC interface of a DIFFERENT firewall cluster in our environment. The SYNC connections are direct, not through a switch. How is that possible?

Does that mean we cannot use the same, small, network on all of our SYNC interfaces? They have to be different?

0 Kudos

What's the routing table look like on the affected gateway?
Because you should be able to use the same (private) sync network on each cluster, AFAIK.
0 Kudos