Options
Spoofed ip
I have setup a lab.
If a user authenticates to a XTM25-W fw then the user are allowed to visit a website behind a M500 fw. Fine, but when I try this I get "Spoofed if/site" in M500.
So then, if I add a route in M500 to the clients ext.ip it is working ok.
(XTM trusted interface is on same trusted interface as M500)
My question, is this the way to do it?
I mean, I don´t want add routes to misc. ip´s all the time to avoid this "Spoofed ip" problem.
-turn of "Drop spoofing attacks" is one option but maybe not so good...
Any ideas?
I have a simple drawing of the setup, not sure how to post it here (url? how?)
0
Sign In to comment.
Comments
You can upload a diagram to an upload site and include a link to it in your post.
Please post a sample spoofed source log message so that we can see the source IP addr etc. from the log message.
OK, have some issue finding an upload site, there is improvment for this forum to be able to add images ;-).
Anyway: I have solved it by editing the HTTPS-rule, and then SNAT: I ticked "Set source IP: 192.168.116.xx"