Zone protection on sub interfaces

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Zone protection on sub interfaces

L4 Transporter

Apologies if this is going over old ground but I have an issue with zone protection and am stumped trying to work out what it is.

 

I have configured and applied the zone protection profile to a layer3 sub-interface, when I test against it with crafted packets the majority of the configured protections flag using the following command

show zone-protection zone xxxxx 

However some do not, one of the ones that I would have thought would have been fairly easy to spot would be the anti -spoofing, the packet capture from the firewall shows that the packet does indeed have a spoofed address (that is one that is not reachable from the zone) but the profile is not dropping the traffic.

Any help with this would be greatly appreciated as I am pulling what hair I have left out!

 

Thank you all in advance,

PCCSA PCNSA PCNSE PCSAE
Mode44 LTD Palo Alto Consultants
0 REPLIES 0
  • 1500 Views
  • 0 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!