This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Solkah
Explorer
‎2025-05-21 08:04 AM

Bypass Address Spoofing for a Specific Protocol

Hi all,

 

I am receiving a lot of detect logs in the firewall caused by the bootp protocol. The problem is that the APs ask for an IP address for the clients using the same interface in which they ask for their own IP address (although they are different networks).

I know I can disable address spoofing for specific networks in the "Gateways and Servers" section but I can´t find anything similar for protocols. I also have thought about using fast_accel but I am not sure if this would work since address spoofing is checked before firewall rules are applied.

So, all in all, Is there any way to bypass the address spoofing check for the bootp protocol?

 

Thank you!

0 Kudos
5 Replies
_Val_
Admin
Admin
‎2025-05-21 08:29 AM

Firstly, why do you need to do that in the first place? 

Also, I don't believe it is possible to bypass antispoofing for some of the traffic but not all the rest. 

Finally, please see if you can find your case and resolution in this SK: https://support.checkpoint.com/results/sk/sk104114

Lesley
MVP Gold
MVP Gold
‎2025-05-21 09:55 AM

bootp is a legacy service so i suspect you configured dhcp incorrectly. Also bypass anti-spoofing with only a service like bootp is not possible. AS is based on IP's / networks. What port is used is not relevant for this feature 

-------
Please press "Accept as Solution" if my post solved it 🙂
Wolfgang
MVP Gold
MVP Gold
‎2025-05-21 01:22 PM

@Solkah  if both networks, the APs network and the clients network are behind the same interface of your gateway you have to configure both networks for this interface in the AntiSpoofing settings.

the_rock
MVP Gold
MVP Gold
‎2025-05-21 02:29 PM

Interesting question...personally, never heard of such a thing being feasable, but maybe you can verify with TAC.

Andy

Timothy_Hall
MVP Gold
MVP Gold
‎2025-05-22 05:17 AM

Pretty sure this is not possible, and using fact_accel will not help since SecureXL/sim enforces antispoofing directly on SND's.

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events