Hello Everyone!
I'm wondering whether anyone has already faced the following issue with R77.30 VSX:
I set the anti-spoofing of a VS interface to DETECT, because I had many drops and had no time to set up all the routing.
However, the traffic still did not go through the firewall as it should, but in the tracker I saw the detect events.
So I had to completely turn off the anti-spoofing protection on that interface, and then all was good.
What do you think: is this a bug, an undocumented feature, or did I just miss something in the official documentation?
Thx for the answers!
Balint
Is it possible that traffic passed multiple VSes and/or interfaces so it was dropped somewhere else by spoofing? And when you disabled spoofing completely it covered missing interfaces?
In any case, instead of trying to fix this detect issue I would rather spend time fixing routing and spoofing.
You know that you can use automatic spoofing calculation based on existing routing?
Thanks for the answer!
No other VS/interface is involved. Also, I see the traffic with DETECT action in the tracker.
It just does not arrive at the destination.
Of course, my plan is to correct the routing for sure. But it was strange behavior, which surprised me and caused some uncomfortable hours.
I'm using the auto calc on every VS with prevent settings. But there were a lot of routes missing, and the "set to detect" was the fastest solution to my problem.
By the way, the interface is a wrp to a virtual switch. Maybe that had something to do with this.
Probably a silly question, but I assume that you pushed both topology and policy after you set spoofing to detect mode? I'm still confused how it failed to work correctly when you have topology set to automatic. Sounds really strange.
I pushed the policy.
Anyway, when I have more time to play, I'll set up a test VS on this VSX cluster and do some testing/troubleshooting.
Maybe this was some mysterious event, which will never come up again.
Thx for your notes