I'm having a weird anti-spoofing issue that I can't figure out. Does anyone have any ideas?
As per the diagram, I have a SmartCenter in a DMZ which manages several other gateways routed behind the LAN interface. These all work fine.
I've just added another routed network 172.16.0.0/19 behind the LAN router. It's in the spoof group for eth1, and there's a single static route for 172.16.0.0/19 via 10.202.1.1.
I have no other objects or routes for any 172.16.x IP's besides the network object for 172.16.0.0/19.
When I go from the SmartCenter to 172.16.8.x it routes and works fine.
When I go from the SmartCenter to 172.16.6.x I see the SmartCenter IP dropping on the LAN interface (eth1) with anti-spoofing.
fw monitor looks the same for both 172.16.8.x and 172.16.6.x. It shows my traffic entering eth2 and leaving eth1, which is correct.
Why does traffic to 172.16.6.x cause an anti-spoofing drop for 192.168.37.20 on eth1???
| User | Count |
|---|---|
| 12 | |
| 11 | |
| 8 | |
| 5 | |
| 5 | |
| 5 | |
| 5 | |
| 3 | |
| 3 | |
| 3 |
Thu 02 May 2024 @ 04:00 PM (CEST)
CheckMates Live DACH - Keine Kompromisse - Sicheres SD-WANThu 02 May 2024 @ 05:00 PM (CEST)
SASE Masters: Deploying Harmony SASE for a 6,000-Strong Workforce in a Single Weekend
