This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
About smk391
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- LIVEcommunity
- About smk391
04-22-2021
1Post
0Likes
0Solutions
Apr 22, 2021Last Visited
User
Activity
User
Profile
Latest posts by smk391
| Subject | Views | Posted |
|---|---|---|
| 2110 | 11-23-2020 06:48 AM |
User Badges
Community Statistics
| Member Since | 06-29-2020 01:51 AM |
| Date Last Visited | 04-22-2021 07:11 AM |
| Posts | 1 |
11-23-2020
06:48 AM
I'm planning to implement IP drop - under Zone protection on a production system. I'm really only interested in the ' IP Spoofing ' aspect & I'd like to understand a little more on how it works so that I can addresses any issues, should they arise. Is the basis of IP spoofing to stop any RFC 1918 addresses from coming into the FW from the untrusted zone ? High level setup. Two interfaces - one Untrusted zone with connectivity to the Internet and the other on the trust Zone, the local subnets live behind this trusted zone. I have a couple of static routes within the VR 0.0.0.0/0 to the ISP's Router 192.168.50.X/24 192.168.60.X/24 pointing to the internal L3 Switch for routing to the Local LAN From what I have read I'm understanding the following. The zone protection is applied to the Untrusted Zone ? This will check the source IP address of the inbound packet ? This will check the routing table to check that the source IP is expected on that Untrusted Interface ? I wanted to look at the following and if the packet would get dropped because of IP spoofing or not. From my internal network src=192.168.50.150 a client needs to get out to the Internet to 8.8.8.8 The IP drop check will be done on the interface connected to the ISP and applied ingress The traffic outbound from the client to the Internet would be allow, since I'm not checking anything on that trusted Interface. The return traffic would come into the FW and be checked. since the routing tables allows all traffic with the 0.0.0.0/0 , this traffic would be allowed. The orginial source ( from the .150 ) address internally would also be allowed since this subnet is also within the routing table and on a interface which is the firewall expects it to be in , ie. LAN / Trust side. Does this sound correct ? If the source client address was 172.16.100.1 for example, then this traffic would be allowed out to the Internet but the return traffic would be dropped, since the FW would check the destination and not find it in the routing table for that internal interface ? Is this correct ? Inbound from the Untrusted Zone would allow any IP address except any subnet found on the Trusted Zone routing table or Interface ??
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
04-22-2021
07:11 AM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2022 - Palo Alto Networks