topic Spoofed packet in Network Security

Spoofed packet

solid_978 — Tue, 12 Mar 2019 07:35:21 GMT

We have a server was having connection issue, from further analysis I discovered that our firewall getting dropped due spoofed packet,
in my opinion it is a false positive, my topology L2 is following:

S1-->S2-->Nexus-->Firewall

then firewall come back on nexus and nexus route toward different interface where is the final destination. S1 has a default route with next hop layer 3 of firewall

S1 and Firewall has common broadcast interface Layer 3

Perhaps Firewall detects two net coming from same mac (in imput and output with same mac: the nexus MAC) and apply rule about spoofed

Am I correct?
However if I disable spoofed rule into FW every packet flows in right way.

Any advice?

Does all the internal traffic

Philip D'Ath — Wed, 06 Apr 2016 19:46:04 GMT

Does all the internal traffic enter just one interface on the firewall? Does the firewall have a Portchannel to anything?

Are there more than one L3 routed path between some devices so that asymmetric routing could be happening?

Hi Philip,

solid_978 — Wed, 06 Apr 2016 20:11:14 GMT

Hi Philip,

yep previously there was asymmetric routing and then I try to fix with static /32, at the moment I have just /32 route vs firewall, as side firewall has two /32 route too, one for LAN pointing layer 3 next hop of S1 (source) and other one face common layer 3 between nexus and firewall,the interface are 2 normal interface but I have still spoofed packet

Does someone have any advice

solid_978 — Thu, 12 May 2016 04:52:04 GMT

Does someone have any advice for fix this situation?