This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Smorales
Participant
a month ago
Jump to solution

Disable AntiSpoofing in SMB Cluster

Hello, everyone.

I am going to implement a cluster using Quantum Sparks (model 1600).

I have a question about anti-spoofing, because when I create the cluster, it works fine in my lab environment, but when I have to implement it in the customer's environment, I have to disable it because my customer uses a dynamic routing protocol.

Normally, I disable antispoofing in the Topology tab of the firewall object within SmartConsole, but when I create the cluster object, I cannot select that tab, and when I select the interface on each member of the cluster, I don't see where I can disable antispoofing.

I see that I can disable the antispoofing feature using the next command: 

set antispoofing advanced-settings global-activation false

Based on the next documentation: https://sc1.checkpoint.com/documents/SMB_R81.10.X/CLI/EN/Content/Topics/165373.htm?tocpath=Configuri...

Does anyone know if this command is sufficient to disable anti-spoofing in the cluster?
Is there anything else I need to consider?
Can it be saved in a kernel file so that it survives reboots, or does it survive?

Does anyone have any experience with this situation?

Best regards!

Preview file
60 KB
Preview file
104 KB
0 Kudos
4 Solutions

Accepted Solutions
TJ_Aus
Collaborator
a month ago
Jump to solution

Try this


[Expert@]# fw ctl get int fw_antispoofing_enabled
fw_antispoofing_enabled = 1
[Expert@]#

to disable:
fw ctl set int fw_antispoofing_enabled 0

to enable:
fw ctl set int fw_antispoofing_enabled 1

View solution in original post

0 Kudos
sigal
Employee
Employee
a month ago
Jump to solution

Hi,
In the Topology/Network Management page in SmartConsole, try changing "Automatically calculated by the gateway" to "Manually defined on the Security Management server".

Thanks.

View solution in original post

0 Kudos
the_rock
MVP Gold
MVP Gold
a month ago
Jump to solution

That command works the same regardless if its cluster or not, since its global.

 

HTH

Andy

View solution in original post

G_W_Albrecht
MVP Silver
MVP Silver
a month ago
In response to TJ_Aus
Jump to solution

Attention - the new fw ctl set value will not survive a reboot! If you want it to survive a reboot, use:

[expert] fw ctl set -f int fw_antispoofing_enabled 0
"fwkern.conf" was updated successfully

Also found in relevant SK https://support.checkpoint.com/results/sk/sk117618 is:

Note: To turn off anti-spoofing checks, SecureXL also needs to be turned off (fwaccel off). Restarting SecureXL (fwaccel on) will re-enforce anti-spoofing checks.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

View solution in original post

4 Replies
TJ_Aus
Collaborator
a month ago
Jump to solution

Try this


[Expert@]# fw ctl get int fw_antispoofing_enabled
fw_antispoofing_enabled = 1
[Expert@]#

to disable:
fw ctl set int fw_antispoofing_enabled 0

to enable:
fw ctl set int fw_antispoofing_enabled 1

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
a month ago
In response to TJ_Aus
Jump to solution

Attention - the new fw ctl set value will not survive a reboot! If you want it to survive a reboot, use:

[expert] fw ctl set -f int fw_antispoofing_enabled 0
"fwkern.conf" was updated successfully

Also found in relevant SK https://support.checkpoint.com/results/sk/sk117618 is:

Note: To turn off anti-spoofing checks, SecureXL also needs to be turned off (fwaccel off). Restarting SecureXL (fwaccel on) will re-enforce anti-spoofing checks.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
sigal
Employee
Employee
a month ago
Jump to solution

Hi,
In the Topology/Network Management page in SmartConsole, try changing "Automatically calculated by the gateway" to "Manually defined on the Security Management server".

Thanks.

0 Kudos
the_rock
MVP Gold
MVP Gold
a month ago
Jump to solution

That command works the same regardless if its cluster or not, since its global.

 

HTH

Andy

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events