Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
RCHSvof
Explorer

Group in Antispoof Group

Jump to solution

Hello, a quick question.

We are trying to add a network group to the Antispoof group.

Unfortunately, it does not seem to work, can it be that groups in the Antispoof group are not resolved?

Thanks for your help
Best regards
René

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin

So it's a nested group then?
Again, far as I know, this should work.
Are you getting actual drops on Anti-Spoofing showing in the logs?
I suspect a TAC case is in order.

View solution in original post

0 Kudos
4 Replies
PhoneBoy
Admin
Admin

Groups are supported in anti-spoofing.
Can you describe more precisely what you mean by “does not seem to work” along with the version/JHF in question.

0 Kudos
Daniel_Ranft
Participant

Hi,

sorry that it took so long for us to answer, i had two weeks vacation. Rene and I are facing the issue that we have to allow traffic from our internal VPN solution (not terminating on the gateways) to a third party network, that is directly attached to our internal network (no VPN). This third-party network has a crap-ton of routes, so we want to group them of course.

Now comes the part, that we struggle with: The VPN users can access our internal stuff, that is listed directly in the "internal_spoof" group, but not the systems, that are listed in the third party network group, which is also listed in the internal_spoof group. Gaia routing is fine, our people at the office can access the third party network just fine.

Management and Gateways are on R80.40 with the latest JHF.

Any more questions? All help is much appreciated.

-- Daniel

0 Kudos
PhoneBoy
Admin
Admin

So it's a nested group then?
Again, far as I know, this should work.
Are you getting actual drops on Anti-Spoofing showing in the logs?
I suspect a TAC case is in order.

View solution in original post

0 Kudos
Daniel_Ranft
Participant

Hi,

excactly, nested grouping. And yes, I get drops with reason Anti-Spoofing. I will contact support then.

Best regards and thank you as always,

-- Daniel

0 Kudos