Toolmaker
Explorer

Does anti-spoofing heed policy-based routing on R80.40, topology defined by routes?

Hi,

We have a customer firewall running R80.40 using anti-spoofing with topology defined by routes - we receive some routes via OSPF.

Certain internal traffic must take a secondary WAN route - it is a matter of who pays for bandwidth. This is accomplished via policy-based routing - if source matches network A and destination is in network B, then use the table pointing to the secondary WAN router.

Other traffic to B should use the primary WAN link; its return packets will also come in via the primary WAN link.

The PBR setup works, packets get sent out as expected.

However, anti-spoofing denies incoming connections from B to A via the secondary WAN interface.

I would assume that "topology defined by routes" only heeds static and dynamic routes, but not PBR.

Is there a way to solve this while keeping anti-spoofing?

Best regards,
Bernhard

Accepted Solutions
_Val_
Admin

Your assumption is correct. I would recommend manual anti-spoofing in this case.

Toolmaker
Explorer

Thanks... guess I will have to forgo the comfort of routing-based anti-spoofing then.

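A simplified model of the situation discussed in this thread, added here as an illustration (it is not Check Point code and not from either poster): forwarding consults the PBR rule, while a route-derived anti-spoofing check looks only at the main routing table, so replies from B arriving on the secondary WAN interface fail until B is listed there manually. The interface names, addresses and function names are assumptions.

```python
import ipaddress

# Constructed addressing and interface names (assumptions, not from the thread).
NET_A = ipaddress.ip_network("10.1.0.0/16")  # internal network A, behind eth1
NET_B = ipaddress.ip_network("10.2.0.0/16")  # remote network B
# Main table (static + OSPF): eth2 = primary WAN. eth3 = secondary WAN, PBR only.
MAIN_TABLE = [(NET_A, "eth1"), (NET_B, "eth2")]
PBR_RULES = [(NET_A, NET_B, "eth3")]  # source A, destination B -> secondary WAN


def main_lookup(addr):
    """Longest-prefix match in the main table; None when no route matches."""
    ip = ipaddress.ip_address(addr)
    hits = [r for r in MAIN_TABLE if ip in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen)[1] if hits else None


def egress(src, dst):
    """Forwarding decision: PBR rules are consulted before the main table."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for src_net, dst_net, iface in PBR_RULES:
        if s in src_net and d in dst_net:
            return iface
    return main_lookup(dst)


def antispoof_by_routes(src, in_iface):
    """Route-derived topology: src is valid on in_iface only if the main
    table reaches src through that interface. PBR tables are not consulted."""
    return main_lookup(src) == in_iface


# Manual topology: network B is listed behind both WAN interfaces.
MANUAL_TOPOLOGY = {"eth1": [NET_A], "eth2": [NET_B], "eth3": [NET_B]}


def antispoof_manual(src, in_iface):
    """Manually defined topology: src must fall in a network listed for in_iface."""
    ip = ipaddress.ip_address(src)
    return any(ip in net for net in MANUAL_TOPOLOGY.get(in_iface, []))


if __name__ == "__main__":
    print(egress("10.1.0.5", "10.2.0.9"))            # eth3: A -> B uses secondary WAN
    print(antispoof_by_routes("10.2.0.9", "eth3"))   # False: reply from B is dropped
    print(antispoof_manual("10.2.0.9", "eth3"))      # True: accepted once B is listed
```

In the manual model a packet claiming a network A source on either WAN interface is still rejected, so anti-spoofing stays in force on the secondary link.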