Configuring Using the GUI
Nokia IP71 User Guide
83
Configuring Anti-Spoofing
If anti-spoofing is configured (that is, the entries for
Valid Addresses
on each
interface are set to something other than
Any
), modify the anti-spoofing
configuration to account for address translation. Otherwise, you will see:
n
Traffic accepted by the firewall to the translated IP address, but the traffic
never makes it to its intended destination.
n
Drops or rejects on rule 0 in the logs.
Note
It is a good idea to have your spoof track set to log on all your interfaces,
even if you currently do not use the anti-spoofing configuration. This aids
in debugging, particularly if you configure it.
Before NAT was set up, the anti-spoofing was set up as shown in Table 8.
However, this set up is not sufficient when using NAT to devices on your
internal network. Include those legal IP addresses that are statically translated
to your internal network. In this case, it means adding 204.32.38.10 to the
valid addresses setting for the internal interface. Create a group to do this. In
this case, it is called eth1-valid. Put the following objects into the group:
n
Internal_Network
n
WWW_Server_External
Table 8 Configuring Anti-Spoofing
Interface
IP Address
Valid Address Setting
eth0
204.32.38.1
Others
eth1
192.168.1.1
This Net
Summary of Contents for IP71
Page 1: ...IP71 User Guide version 2 0 N450794001 Rev A October 2002 ...
Page 4: ...iv Nokia IP71 User Guide ...
Page 94: ...4 Configuring a VPN 94 Nokia IP71 User Guide ...
Page 102: ...A Obtaining a Check Point License 102 Nokia IP71 User Guide ...
Page 108: ...B Technical Specifications 108 Document Title Variable ...