Suddenly receiving IP_SPOOF Violations in XG 210 from allowed source

Hello:

Yesterday I started seeing these IP_SPOOF violations from our remote site that is on the allowed list in the DNAT firewall rule. They are unable to connect to or ping our DNAT devices set up behind the firewall. We can connect to them without any problem. This happened after the latest update to the firewall (SFOS 20.0.2 MR-2-Build378). I have rebooted both firewalls (in Active-Passive cluster) as well as the switch that connects them. I have also rebooted the router that handles the external public IP addressing. I have never seen this before. Does anyone have any thoughts?

Thank you



Edited TAGs
[edited by: Erick Jan at 2:27 PM (GMT -7) on 27 Aug 2024]
  • Are you facing any challenge in accessing the DNATed service?

    If the DNAT service is accessible without any issue, it's possible that these ARP requests were getting dropped earlier as well but were not seen until a packet capture was run.

    A switch would be required for an HA deployment, so if no change has happened on the switch side recently, it might have been behaving in a similar way earlier also.

    If you are facing an issue in accessing the DNATed service due to this, you might want to disable the spoofing functionality and check it once.

    Regards,

    Sanket Shah

    Director, Software Development, Sophos Firewall
