WatchGuard Firebox and spoofing from inside

Wolfgang Scholz

Jun 18, 2002, 9:51:24 AM
Hi,

I get a lot of spoofing messages in my WatchGuard Firebox from inside the
network.
But those spoofed addresses are OK.
There is an AIX HA/CMP cluster running, which uses e.g. a 10.10.10.n network
inside my normal network for Ethernet adapter swap. It means the AIX box has 2
Ethernet adapters, one e.g. 10.10.10.1 and the other one 192.168.000.1. The
Firebox now recognizes the 10.10.10.1 as spoofing.
That's correct, but I don't want the entries in the logs.
What do I have to do?


Thanks
Wolfgang


Lefty

Jun 18, 2002, 9:59:37 AM
i used to get messages from my sonicwall tele3 with vmware on my laptop..
it bridges through the 192.168.0.100 ip two other ip addresses... part of
vmware's ability to bridge through your nic and provide network access to
vmsessions..

this is not what you have, but i have a feeling that the watchguard is
seeing two ip addresses and one MAC if i get you right... (i thought that
dual nic cards had TWO MACs) but this might be the problem.. not sure how
to fix it...

r


Wolfgang Scholz

Jun 19, 2002, 5:22:14 AM
No, there are 2 Ethernet cards inside the AIX box, each with its own MAC
address. And each Ethernet card has its own IP address.

Wolfgang
"Lefty" <mall...@bigfoot.com> wrote in message
news:d1HP8.32486$ZF.356...@newssvr11.news.prodigy.com...

Lefty

Jun 19, 2002, 8:56:58 AM
then that ain't it...

just tossing out ideas...

Brad Werschler

Jun 19, 2002, 12:11:35 PM
Wolfgang Scholz wrote:

You should be able to disable the logging of spoofed addresses using the
Policy Manager, under Setup -> Default Packet Handling -> Logging. Of
course, once you do this, you won't be notified when spoofed addresses
attempt to enter from outside of your network as well. I don't believe the
WatchGuard interface has the flexibility to specify precise logging settings
regarding spoofed packets. You either log them globally or you don't.


Brad
