topic Zone protection on sub interfaces in Advanced Threat Prevention Discussions https://live.paloaltonetworks.com/t5/advanced-threat-prevention/zone-protection-on-sub-interfaces/m-p/383331#M1053 <P>Apologies if this is going over old ground but I have an issue with zone protection and am stumped trying to work out what it is.</P><P>&nbsp;</P><P>I have configured and applied the zone protection profile to a layer3 sub-interface, when I test against it with crafted packets the majority of the configured protections flag using the following command</P><P>show zone-protection zone xxxxx&nbsp;</P><P>However some do not, one of the ones that I would have thought would have been fairly easy to spot would be the anti -spoofing, the packet capture from the firewall shows that the packet does indeed have a spoofed address (that is one that is not reachable from the zone) but the profile is not dropping the traffic.</P><P>Any help with this would be greatly appreciated as I am pulling what hair I have left out!</P><P>&nbsp;</P><P>Thank you all in advance,</P> Mon, 01 Feb 2021 23:41:54 GMT laurence64 2021-02-01T23:41:54Z Zone protection on sub interfaces https://live.paloaltonetworks.com/t5/advanced-threat-prevention/zone-protection-on-sub-interfaces/m-p/383331#M1053 <P>Apologies if this is going over old ground but I have an issue with zone protection and am stumped trying to work out what it is.</P><P>&nbsp;</P><P>I have configured and applied the zone protection profile to a layer3 sub-interface, when I test against it with crafted packets the majority of the configured protections flag using the following command</P><P>show zone-protection zone xxxxx&nbsp;</P><P>However some do not, one of the ones that I would have thought would have been fairly easy to spot would be the anti -spoofing, the packet capture from the firewall shows that the packet does indeed have a spoofed address (that is one that is not reachable from the zone) but the profile is not dropping the traffic.</P><P>Any help with this would be greatly appreciated as I am pulling what hair I have left out!</P><P>&nbsp;</P><P>Thank you all in advance,</P> Mon, 01 Feb 2021 23:41:54 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/zone-protection-on-sub-interfaces/m-p/383331#M1053 laurence64 2021-02-01T23:41:54Z