Firebox ip spoofing sites (internal policy)


I'm not getting over this problem and hope somebody has an idea for me.

On my Firebox I have an interface configured for my client LAN which is in Bridge mode for my VPN. This works fine, but I'm now trying to get out from the client LAN into the WWW using an explicit proxy. The proxy itself is working, though, from my management LAN. But if I'm using it from the client LAN I get drops for IP spoofing.

I have already whitelisted my networks in the blocked sites section, but get them anyway. Is there a way to work around it?

Thanks in advance.


  • james.carson Moderator, WatchGuard Representative

    Hi @jimha
    IP Spoofing means that the firewall is seeing traffic coming in from a network on an interface that it's not expecting it on.

    - This may mean something downstream is pushing traffic onto the wrong physical network or VLAN.
    - This might mean something is incorrectly or is stripping VLAN tags.

    The IP spoofing deny line should say what interface the traffic arrived on, and what the IP address was. If the IP for that interface/VLAN doesn't match what's configured, the firewall will drop it as spoofing.

    If you need assistance determining how this is happening, I'd suggest creating a support case and one of our team can assist in determining where the traffic is arriving from.

    -James Carson
    WatchGuard Customer Support
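
A simplified model of the check described in the reply above, added here as an example (not code from the thread or from WatchGuard): it compares the interface a source address arrived on with the interface whose configured subnet contains it, and groups the mismatches so the misrouted segment stands out. The interface names, subnets and observations are constructed.

```python
import ipaddress
from collections import Counter

# Constructed interface-to-subnet configuration (not from the thread).
INTERFACES = {
    "Management": ["10.0.10.0/24"],
    "Client-LAN": ["10.0.20.0/24"],
    "External": ["0.0.0.0/0"],
}

# Constructed observations: (arrival interface, source IP).
SAMPLE = [
    ("Client-LAN", "10.0.20.15"),
    ("Client-LAN", "10.0.10.5"),
    ("Client-LAN", "10.0.10.5"),
    ("Management", "10.0.10.5"),
    ("External", "10.0.20.99"),
    ("External", "198.51.100.7"),
]

def expected_interface(src, interfaces=INTERFACES):
    """Return the interface whose most specific subnet contains src."""
    addr = ipaddress.ip_address(src)
    best = None
    for name, subnets in interfaces.items():
        for cidr in subnets:
            net = ipaddress.ip_network(cidr)
            if addr in net and (best is None or net.prefixlen > best[1]):
                best = (name, net.prefixlen)
    return best[0] if best else None

def spoof_findings(observations, interfaces=INTERFACES):
    """Count (arrived_on, expected_on, src) for every mismatch."""
    findings = Counter()
    for arrived_on, src in observations:
        expected = expected_interface(src, interfaces)
        if expected != arrived_on:
            findings[(arrived_on, expected, src)] += 1
    return findings

if __name__ == "__main__":
    for (arrived, expected, src), n in spoof_findings(SAMPLE).most_common():
        print(f"{n}x {src} arrived on {arrived}, expected on {expected}")
```

A source that keeps showing up with the same arrived/expected pair points at the bridge, switch port or VLAN tagging between those two segments.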
