Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Copper

can anyone tell me the correct command to disbale anti spoofing fro the cli?

So we recently ran into a situation where anti spoofing got triggered on our internet firewall due to some change in the netwrok that was carried out in the morning time and it affected the network that firewall uses to communicate with the management server, so all the packets were being dropped or that particular initerface and it was affecting productino traffic , so after hours and hours of trying to apply the correcct command to disable anti spoofing none of them worke, we called support and that person couldnt help wither as she had no idea about the command so she raised it to tier 3 but by the time the tier 3 engineer came to help my colleage found out the command however im not a hundred percent sure if i copied over the correct command to my notes, since upon trying it in my lab environment on cli thiis command does not disble anti spoofing on my spoofing enabled interfaces on the firewalls in my topology, command used-

fw ctl get int fw_antispoofing_enabled -a

Maybe the correct command is a variation of this command so please somone tell me the correct command so we dont fall into a similar situation again.

 

Thanks.

0 Kudos
3 Replies
Highlighted
Admin
Admin

That command will just tell you if it's enabled (without the -a).
To disable it: fw ctl set int fw_antispoofing_enabled 0
Note this will only disable it until reboot.
0 Kudos
Highlighted

@PhoneBoy's answer is partially correct, but it depends on the code version and Jumbo HFA you are using.  These commands assume SecureXL is enabled:

R80.10 and earlier:

fw ctl set int fw_antispoofing_enabled 0

sim feature anti_spoofing off; fwaccel off; fwaccel on

R80.20 GA through Jumbo HFA Take 102: Impossible

R80.30 (kernel 2.6.18) GA through Jumbo HFA Take 75: Impossible

R80.20 Jumbo HFA Take 103+, R80.30 (kernel 3.10) GA, R80.30 (kernel 2.6.18) Jumbo HFA  76+, R80.40 GA:

fw  ctl  set  int  fw_antispoofing_enabled  0

fw  ctl  set  int  sim_anti_spoofing_enabled  0  -a

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com
0 Kudos
Highlighted
Copper

Thank you very much sir
0 Kudos