Solved

Dell Sonicwall - IP Spoof Detection

Posted on 2014-11-17
1
732 Views
Last Modified: 2016-11-23
The Setup:
Sonicwall NSA 4500
X0 LAN
X1 ISP#1
X2 ISP#2
X3 SAN network
X4 ISP #3
x5 ISP #5

X1-2 are actually the same ISP, but just have a disjoint subnet with static IP's in compeltely different ranges.  These two interfaces connect to a small switch and up to the ISP (radio based)

x5 ISP #4 is business class cable for browsing the internet.  No static IPs.

X4 ISP #3 - New ISP via fiber with a ton of static IP's.  

Here's my issue.   Only on the new X4 (ISP #3) - Any time I setup a NAT (either 1-2-1 or port based) and my firewall rules, nothing works.  Went as far as directly attaching a laptop to the carrier's handoff and assigning a static IP and it works.  

After some looking around, I am getting
Intrusion prevention    IP Spoof Dropped   <source> <destiantion>  mac: <MAC of the carriers router>


I can resolve this by turning off IP spoof detection on the "hidden" daiag page - but I'd really a)Not like to have to do that b) Have this work as planned.  

Thoughts?
0
Comment
Question by:JamesonJendreas
1 Comment
 
LVL 25

Accepted Solution

by:
Diverse IT earned 500 total points
ID: 40480147
Hi JamesonJendreas,

Exclude the MAC addresses in IPS under Configure IPS Settings.

1. Create Address Objects

First create an Address Objects for each MAC address of the carriers router.

2. Create Address Object Group

Then create an Address Object Group named e.g. IPS Exclusion List and add the Address Objects to that group.

3. Configure IPS Services

Next go to Security Services > IPS and click Configure IPS Settings. Check Enable IPS Exclusion List and select Use Address Objects. Finally, select the newly created Address Object Group named e.g. IPS Exclusion List and click OK to save.
Let me know if you have any questions!
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Bandwidth cap???? 8 59
Cannot unmount datastore 5 70
Certifications 8 37
How to secure a Folder on a Windows Server 3 54
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question