Anti-Spoofing - NG AI R54 1

[alepore]

Just took over the maintenance of our firewall. The old admin has left and I noticed when I install a policy I am getting Anti-Spoofing errors on one of the interfaces. After digging around, I noticed that it hadn't been enabled on our exterior interface. Anyone have a possible reason why he would have done this? BYW, it was doing this while he was here but I assumed he knew what he was doing and forgot to ask him why (dumbass).

Thanks in advance

 

[rn4it]

Without knowing the network architecture, I can't think of a reason. However, there was a poing in time where our DMZ would have an issue with anti-spoofing being on. This was caused by a business parterns addressing, once this was corrected it was fine. I would investigate any VPN's that you have connections with, this would be both site-site and client-site.

 

[shaggerTM]

Lots of people simply don't understand what Antispoofing is, how it works or why it's important.

If you are comfortable with Antispoofing configuration, sit down and work through the config and make sure that things are correct, then push policy down. If you aren't sure, then get a professional to help you and make sure that they explain what they are doing so that you are able to grow your own skills.


========================================
Find out about what I do for a living at

http://www.ascltd.co.uk

========================================