[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] local interface address spoofing. Turn off how?
Tim, if you are using CP 4.1 SP2 you can go into the objects.C file and configure it to respond to SecuRemote/SecureClient requests on all interfaces. This is currently a manual process, so you should fwstop the firewall, edit the objects.C file, search for your firewall object within the rulebase (it will most likely be somewhere near the top) and add a line in that section to resolve to multiple interfaces ---snip--- :resolve_multiple_interfaces (true) ---snip--- I think that this will resolve your problem Yours Kindly Gregor Munro -----Original Message----- From: [email protected] [mailto:[email protected]]On Behalf Of Russo, Tim Sent: 14 September 2000 6:26 a.m. To: '[email protected].' Subject: [FW1] local interface address spoofing. Turn off how? I am trying to get my SecureClient laptops to be able to update the SecureClient site when they are on the LAN. The problem is that the managment server has a legal "NATed" IP address in the SecureClient config. When the clients tries to update their site on the LAN, they try to go to the external address, which the firewall (default gateway) NATs to its true internal address. I added a rule to deal with the routing and some NAT issues. The problem now is that I get a "local interface address spoofing" error message (rule 0). I have turned off all anti-spoofing rules in the firewall objects and turned off MAD (at least I think I have) on the mgmt station and firewall. No luck. How do I turn off this spoofing protection or is it possible to config SecureClient to automatically use a different IP for the server when connected to the local network? Thanks. -Tim ________________________ ______ ____ ___ __ Tim Russo Xchange, Inc. Sr. Security Engineer EMail: [email protected] Phone:FAX:============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|