Solved

Dell Sonicwall - IP Spoof Detection

Posted on 2014-11-17
Last Modified: 2016-11-23
The Setup:
Sonicwall NSA 4500
X0 LAN
X1 ISP#1
X2 ISP#2
X3 SAN network
X4 ISP #3
x5 ISP #5

X1-2 are actually the same ISP, but just have a disjoint subnet with static IPs in completely different ranges.  These two interfaces connect to a small switch and up to the ISP (radio based).

x5 ISP #4 is business class cable for browsing the internet.  No static IPs.

X4 ISP #3 - New ISP via fiber with a ton of static IP's.  

Here's my issue.   Only on the new X4 (ISP #3) - Any time I set up a NAT (either 1-2-1 or port based) and my firewall rules, nothing works.  Went as far as directly attaching a laptop to the carrier's handoff and assigning a static IP and it works.  

After some looking around, I am getting
Intrusion prevention    IP Spoof Dropped   <source> <destination>  mac: <MAC of the carrier's router>


I can resolve this by turning off IP spoof detection on the "hidden" diag page - but I'd really a) not like to have to do that, and b) have this work as planned.  

Thoughts?
Question by:JamesonJendreas
Accepted Solution

by: diverseit
Hi JamesonJendreas,

Exclude the MAC addresses in IPS under Configure IPS Settings.

1. Create Address Objects

First create an Address Object for each MAC address of the carrier's router.

2. Create Address Object Group

Then create an Address Object Group named e.g. IPS Exclusion List and add the Address Objects to that group.

3. Configure IPS Services

Next go to Security Services > IPS and click Configure IPS Settings. Check Enable IPS Exclusion List and select Use Address Objects. Finally, select the newly created Address Object Group named e.g. IPS Exclusion List and click OK to save.
Let me know if you have any questions!
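
Before adding MAC addresses to an exclusion list, it helps to confirm exactly which MACs the "IP Spoof Dropped" entries come from. The following is an added example, not part of the original answer or any SonicWall tooling: it tallies spoof drops per MAC and flags any MAC that is not on the list of known carrier routers. The line layout is an assumption modelled on the log entry quoted in the question, and all addresses and MACs in the sample are constructed.

```python
import re
from collections import Counter

# Constructed sample lines modelled on the log entry quoted in the question
# (category, message, source, destination, "mac:"). Addresses are from
# documentation ranges and the MACs are made up; a real export may differ.
SAMPLE_LOG = """\
Intrusion prevention    IP Spoof Dropped   203.0.113.10 198.51.100.20  mac: 00:11:22:33:44:55
Intrusion prevention    IP Spoof Dropped   203.0.113.11 198.51.100.20  mac: 00:11:22:33:44:55
Intrusion prevention    IP Spoof Dropped   203.0.113.12 198.51.100.21  mac: 00-11-22-33-44-66
Network Access          Connection Opened  192.0.2.5 198.51.100.20  mac: 00:11:22:33:44:77
Intrusion prevention    IP Spoof Dropped   192.0.2.99 198.51.100.22  mac: 00:11:22:33:44:55
"""

LINE_RE = re.compile(
    r"IP Spoof Dropped\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+mac:\s*"
    r"(?P<mac>[0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5})",
    re.IGNORECASE,
)

def normalize_mac(mac):
    """Use one canonical form so 00-11-.. and 00:11:.. compare equal."""
    return mac.replace("-", ":").lower()

def spoof_drops_by_mac(log_text):
    """Return {mac: {"count": n, "sources": sorted source IPs}} for spoof drops only."""
    counts = Counter()
    sources = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # other log categories are ignored
        mac = normalize_mac(m.group("mac"))
        counts[mac] += 1
        sources.setdefault(mac, set()).add(m.group("src"))
    return {mac: {"count": counts[mac], "sources": sorted(sources[mac])} for mac in counts}

def unexpected_macs(summary, carrier_macs):
    """MACs seen in spoof drops that are not known carrier routers."""
    known = {normalize_mac(m) for m in carrier_macs}
    return sorted(mac for mac in summary if mac not in known)

if __name__ == "__main__":
    summary = spoof_drops_by_mac(SAMPLE_LOG)
    for mac, info in sorted(summary.items()):
        print(mac, info["count"], ", ".join(info["sources"]))
    print("not carrier:", unexpected_macs(summary, ["00:11:22:33:44:55"]))
```

A MAC reported by `unexpected_macs` is one to investigate rather than exclude.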