• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

IP Spoofing on Checkpoint Firewall

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> Network Infrastructure >> IP Spoofing on Checkpoint Firewall Page: [1]
Login
Message << Older Topic   Newer Topic >>
IP Spoofing on Checkpoint Firewall - 1.Dec.2006 12:32:54 PM   
swelck

 

Posts: 3
Joined: 23.May2006
Status: offline
I have my ISA 2006 sitting behind my Checkpoint Firewall in a DMZ defined on the Checkpoint Firewall.  The ISA server has an internal interface with an IP on our corporate LAN and an external IP in the Checkpoint DMZ.  All traffic from my corporate LAN is routed through the ISA server and then the Checkpoint Firewall.  When I try to connect to the internet the DNS queries to my ISP DNS servers are dropped at the Checkpoint Firewall (DMZ interface) with address spoofing as the reason.  I have an outbound rule defined on the Checkpoint firewall to allow all traffic from the ISA server and my internal LAN outbound.  My ISA server is also allowed to Allow DNS to the internet.  If I turn off message spoofing on the Checkpoint DMZ interface everything works fine.  Is there another way to fix this without turning off the message spoofing or is this not a potential security risk?
Post #: 1
RE: IP Spoofing on Checkpoint Firewall - 1.Dec.2006 1:42:47 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi swelck,

it looks you'll have to check out your network/interface definitions on the Checkpoint firewall. Keep in mind that if you have a route relationship on the ISA server than the Checkpoint must know that the ISA's internal network is reachable through the DMZ.

HTH,
Stefaan

(in reply to swelck)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> Network Infrastructure >> IP Spoofing on Checkpoint Firewall Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts