[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Anti-spoofing
Title: Anti-spoofing Hi
Don,
you
need to enable
External interface - " Others" .
wherever, you have natted addresses coming into
picture,
create a specific group which includes your internal
network address and your natted addresses
so,
in your case, it will be,
DMZ-
specific ( which includes 192.168.2.1 plus netted addresses of DNS and web
server)
Internal- specific ( which includes 192.168.1.1 plus
natted address of email server and web server)
In
case, you do not have any natted addresses on your internal network, you can
enable " Thisnet" which should work...
you
can keep spoof tracking to "Log" or "alert"
this
has worked for me....hope it helps you........
rgds,
Pradeepa
I was wondering if someone could give me your input
on anti-spoofing. I have 3 interfaces on my FW: Donnie Leeper
|