I got an annoying, strange behavior:
Perimeter Checkpoint, Transfernet to Core Firewall with topology RFC1918 networks.
New VPN tunnel with a /24 net from 10.0.0.0/8 range.
Excluded tunneled network from address spoofing on external interface.
Created a Group RFC1918 networks with Exclusion of tunneled /24 network.
Set that group with exclusion to transfernet core-firewall interface.
Traffic from VPN tunnel arrives, but is dropped because of address spoofing.
What am I missing?
Help is much appreciated.