Hi Richard,
this is mostly a problem of defining the anti-spoofing groups in the firewall
object.
See the FW Administration Guide page 473 (and around) about NAT and
anti-spoofing:
this described very well the way FW checks anti-spoofing before or after the
translation have been done...
In your case, I suppose you just forget to add the translated (external)
addresses to the anti-spoofing group on the internal FW interface (in case of
Static Destination Mode).
Just RTFM ;-)
Best regards,
Olivier Merlin
>hi group
>i have recently installed a firewall and am receiving alerts from my
>firewall interfaces as follows:
>spoofalert nbdatagram rule 0
> nbname
> sunrpc
>there are linux and win2000 machines on both sides of the firewall and if i
>disable spoof tracking in the interface properties the alerts stop but i
>imagine this is not the ideal thing to do, what is the recommended way to
>stop the alerts while keeping correct spoof tracking operation?
>many thanks
>richard thornton
>edinburgh, scotland
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
