- Products
- Learn
- Local User Groups
- Partners
- More
Check Point Jump-Start Online Training
Now Available on CheckMates for Beginners!
Welcome to Maestro Masters!
Talk to Masters, Engage with Masters, Be a Maestro Master!
ZTNA Buyer’s Guide
Zero Trust essentials for your most valuable assets
The SMB Cyber Master
Boost your knowledge on Quantum Spark SMB gateways!
Check Point's Cyber Park is Now Open
Let the Games Begin!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix!
All Videos In One Space
Hello Everyone!
I'm wondering, is there someone, who already face the following issue with r77.30 VSX:
I set an interface anti-spoofing of a VS to DETECT, because I had many drops and have no time to set all the routings.
However the traffic is still not went through the firewall as it should be, but in the tracker, I saw the detect events.
So I had to completely turned off the ants-spoofing protection on that interface, then all is good.
What do you think, this is a bug, an undocumented feature or just I missed something in the official documentation?
Thx for the answers!
Balint
Is it possible that traffic passed multiple VSes and/or interfaces so it was dropped somewhere else by spoofing? And when you disabled spoofing completely it covered missing interfaces?
In any case - instead of trying to fix this detect issue I would rather spend time to fix routing and spoofing
You know that you can use automatic spoofing calculation based on existing routing?
Thanks for the answer!
No other vs/interface involved. Also I see the traffic with DETECT action in the tracker.
Just not arrives to the destination.
Of course, my plan is to correct the routing for sure. But it was a strange behavior which surprised me and cause some uncomfortable hours.
I'm using the auto cal on every VS with prevent settings. But there were lot of routes missing and the "set to detect" was the fastest solution to my problem.
btw, the interface is a wrp to a virtual switch. Maybe that had something do with this.
Probably silly question but I assume that pushed both topology and policy after you set spoofing to detect mode? I'm still confused how it failed to work correctly when you have tooiloto set to automatic. Sounds really strange.
I pushed the policy.
Anyway, when I'll have more time to play, I'll set up a test VS on this vsx cluster and do some test/troubleshoot.
Maybe this was some mysterious event, which will never come up again.
Thx for your notes
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY