Spoofed ip

I have setup a lab.
If a user authenticates to a XTM25-W fw then the user are allowed to visit a website behind a M500 fw. Fine, but when I try this I get "Spoofed if/site" in M500.
So then, if I add a route in M500 to the clients ext.ip it is working ok.
(XTM trusted interface is on same trusted interface as M500)

My question, is this the way to do it?
I mean, I don´t want add routes to misc. ip´s all the time to avoid this "Spoofed ip" problem.
-turn of "Drop spoofing attacks" is one option but maybe not so good...

Any ideas?
I have a simple drawing of the setup, not sure how to post it here (url? how?)


  • Options

    You can upload a diagram to an upload site and include a link to it in your post.

    Please post a sample spoofed source log message so that we can see the source IP addr etc. from the log message.

  • Options

    OK, have some issue finding an upload site, there is improvment for this forum to be able to add images ;-).

    Anyway: I have solved it by editing the HTTPS-rule, and then SNAT: I ticked "Set source IP: 192.168.116.xx"

Sign In to comment.