Is the destination host defined in the topo of the interface the traffic is leaving? Are you natting this packet and trying to send it back out the external interface?
-GS -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Edouard Zorrilla Sent: Sunday, September 16, 2007 12:50 PM To: [email protected] Subject: [FW-1] Message_Info: Address Spoofing Importance: High Hello All, I have a problem that have just appeared yesterday when I tried to set up a connection thru a Checkpoint NG R54 where the source address is 160.1.251.211 and the destination was 200.4.221.225. The issue is that I get the connection droped because of address spoofing at the outside interface. The outside interface is 172.30.1.2/24 which does not belong to the source Network, even though that I still get the packet droped due to address spoofing problem. have been doing some research about this and I found the document sk21181 which I do really do not understand at all very well. What I mean is that, if the outside interface is set as a external at the anti-spoofing parameter, it should not block any address which does not balong to any internal network. Should it ? Regards ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
