External and Anti-Spoofing problem

[lermure]

Hi,

I need some help on a problem with Anti-spoofing feature.

I have a Checkpoint VPN module. with two NIC cards, that is connect in a DMZ and in internal network. Because the internal network AND Internet (External) can access the VPN module via the DMZ NIC, I have disable the Anti-Spoofing on the DMZ interface. I cant stop traffic comming from internal network to the VPN NIC. Firewall and VPN module have to be splited.

So what I want to do is a group with EXTERNAL object and INTERNAL object so i can activate the anti-spoof to remove the warning errors I get when installing rules.

But EXTERNAL object not exist. Any know what i can do?

 

[ChrisAC]

Why is the internet connection on the 'internal' network? What protects the internal network from the internet?

Chris.


**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************

 

[lancelote]

It's silly to have Internet connection on the internal network !
If you do that the DMZ like you called it become the external interface. So if you configure this interface in external way you will not have anymore the message.

LaNceLoT