Solved

antispoofing or DNS problems?

Posted on 2008-06-24
3
826 Views
Last Modified: 2013-11-16
Have checkpoint NG fp3 and experienced a power outage and now no VPN clients can ping or connect any internal devices even though clients are authenticated.  Clients using secure remote log "local interface address spoofing" and can't ping or get anywhere.  While secure clients can ping some internal devices and not others.  On the client side I'm handed a address and DNS server IP from the internal network, but no gateway address from the NG dhcp server(?)   How is anti-spoofing turned off on NG fp3?  thanks in advance.  
0
Comment
Question by:TriCountyIT
  • 2
3 Comments
 
LVL 7

Accepted Solution

by:
mabutterfield earned 500 total points
ID: 21859802
Anti-spoofing is configured on the properties of the firewall object in smart dashboard.  

Goto the topology tab, and open up each interface.  You can turn anti-spoofing on and off from there.

What platform is it running on?  I've had some problems when i've lost power before that were similar to what it sounds like you're having.  

Try to uninstall the policy, then re-install it.  
0
 

Author Comment

by:TriCountyIT
ID: 21860275
Running on Linux, Client log says SecureClient failed to communicate with Policy server Firewalll at site firewall
0
 
LVL 7

Expert Comment

by:mabutterfield
ID: 21867591
On the firewall console, issue the command 'cpstat polsrv -f all'   and paste the output.

Are you getting errors in the SmartView Tracker log that correlate to a secure client failure?
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
'Include' Syntex in domain records 6 52
l2tp tunnel from pc to router 14 74
IT Contract Fee 17 132
Windows DNS Zone for a Host 2 51
Juniper VPN devices are a popular alternative to using Cisco products. Last year I needed to set up an international site-to-site VPN over the Internet, but the client had high security requirements -- FIPS 140. What and Why of FIPS 140 Federa…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now