topic Re: How does anti-spoofing work when there is no default route configured and when policy based forwarding is enabled in General Topics https://live.paloaltonetworks.com/t5/general-topics/how-does-anti-spoofing-work-when-there-is-no-default-route/m-p/26247#M19164 <HTML><HEAD></HEAD><BODY><P>Hi Sarish,</P><P>The PANFW would still perform route lookup for the traffic coming in from the source zone/ source interface. If the PANFW detects that the traffic ingressing the traffic comes on the incorrect interface, it drops them as spoofed packets or with "no-arp-found" message. It cannot check the same for the destination address because, we are forcing the firewall to route the traffic out via another interface. After the traffic matches a PBF rule, the traffic is subjected to a security rule match, and a session would be setup for the traffic&nbsp; ( client to source and return traffic-source to client). Both the client to server and the server to client traffic is again subjected to other security checks.</P><P></P><P>Let me know if that helps.</P><P></P><P>BR,</P><P>Karthik RP</P></BODY></HTML> Thu, 18 Jul 2013 13:59:11 GMT kprakash 2013-07-18T13:59:11Z How does anti-spoofing work when there is no default route configured and when policy based forwarding is enabled https://live.paloaltonetworks.com/t5/general-topics/how-does-anti-spoofing-work-when-there-is-no-default-route/m-p/26246#M19163 <HTML><HEAD></HEAD><BODY><P>Good day,</P><P></P><P>Please advise, how does the PANOS handle antispoofing when there is no default route configured in a VR, only the policy based forwarding is enabled within that VR.</P><P></P><P>Does the policy based forwarding entry update the routing table entries.</P><P></P><P>Regards</P><P></P><P>Sarish</P></BODY></HTML> Thu, 18 Jul 2013 13:47:43 GMT https://live.paloaltonetworks.com/t5/general-topics/how-does-anti-spoofing-work-when-there-is-no-default-route/m-p/26246#M19163 T_SystemsSouthAfrica 2013-07-18T13:47:43Z Re: How does anti-spoofing work when there is no default route configured and when policy based forwarding is enabled https://live.paloaltonetworks.com/t5/general-topics/how-does-anti-spoofing-work-when-there-is-no-default-route/m-p/26247#M19164 <HTML><HEAD></HEAD><BODY><P>Hi Sarish,</P><P>The PANFW would still perform route lookup for the traffic coming in from the source zone/ source interface. If the PANFW detects that the traffic ingressing the traffic comes on the incorrect interface, it drops them as spoofed packets or with "no-arp-found" message. It cannot check the same for the destination address because, we are forcing the firewall to route the traffic out via another interface. After the traffic matches a PBF rule, the traffic is subjected to a security rule match, and a session would be setup for the traffic&nbsp; ( client to source and return traffic-source to client). Both the client to server and the server to client traffic is again subjected to other security checks.</P><P></P><P>Let me know if that helps.</P><P></P><P>BR,</P><P>Karthik RP</P></BODY></HTML> Thu, 18 Jul 2013 13:59:11 GMT https://live.paloaltonetworks.com/t5/general-topics/how-does-anti-spoofing-work-when-there-is-no-default-route/m-p/26247#M19164 kprakash 2013-07-18T13:59:11Z