This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
tepeeeeei
Explorer
‎2023-04-17 08:14 PM
Jump to solution

exclude anti-spoofing for communication from specific IP addresses

Dear Team,

In the given network environment, is there a way to configure the anti-spoofing settings to exclude communications from specific IP addresses only? The environment is as follows:

  • Check Point 6200
  • OS: R81.10
  • Anti-spoofing enabled on "external" and "internal" interfaces
  • Topology "external" : External
  • Topology "internal" : 10.10.0.0/16

The internal topology is set to 10.10.0.0/16,

but communication from 10.10.254.240/28 comes through the external interface.

Is there a good way to exclude this?

0 Kudos
1 Solution

Accepted Solutions
Timothy_Hall
MVP Gold
MVP Gold
‎2023-04-18 04:46 AM
Jump to solution

Yes, select the "Don't check packets from" option on the External interface:

exclude.png

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course

View solution in original post

(1)
5 Replies
Timothy_Hall
MVP Gold
MVP Gold
‎2023-04-18 04:46 AM
Jump to solution

Yes, select the "Don't check packets from" option on the External interface:

exclude.png

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
(1)
tepeeeeei
Explorer
‎2023-04-18 04:35 PM
In response to Timothy_Hall
Jump to solution

I can't believe it was such a simple solution!
I feel a bit embarrassed for asking, but thank you for your help.

Just to confirm, with this setting, it will behave as follows, right?

  • This setting only disables the spoofing check for packets with the specified IP addresses coming from the external interface.
  • If a packet with the specified IP address as its source comes from the internal side, it won't be considered spoofing either, because the internal topology is set to 10.10.0.0/16.

Thanks again for your assistance, and have a great day!

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2023-04-18 07:39 PM
In response to tepeeeeei
Jump to solution

Not exactly. That setting lets you exempt whatever IP ranges you do NOT want checked for anti spoofing that hit external interface. Be careful though...usually, people may have external peer IPs there, as it may happen there are VPN issues until you place the peer ip address in there. Just my experience, but every case is different. Btw, that setting ONLY works with external or VTI interface, as vti is technically considered "extension" of external interface.

 

For packets coming from internal side, its got nothing to do with that setting, as it would hit internal interface, not external.

Best,
Andy
konrado_91
Explorer
‎2024-12-09 02:36 AM
In response to Timothy_Hall
Jump to solution

Hey Tim,

Thank You for pointing out solution to this problem as we run into the same predicament last week. Follow up question on this topic:

Do we need to disable button "Calculate topology automatically based on routing information" for Your solution to work? or we can keep it enabled(as we prefer keep it that way)?

Zrzut ekranu 2024-12-09 113615.jpg

 

 

0 Kudos
Timothy_Hall
MVP Gold
MVP Gold
‎2024-12-09 11:18 AM
In response to konrado_91
Jump to solution

You shouldn't need to disable that option to my knowledge, the override should still work.

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events