Spoofed packet

solid_978
Level 1

We have a server that was having connection issues; from further analysis I discovered that our firewall was dropping its traffic due to a spoofed packet rule.
In my opinion it is a false positive. My L2 topology is the following:

S1-->S2-->Nexus-->Firewall

Then the firewall comes back onto the Nexus, and the Nexus routes toward a different interface where the final destination is. S1 has a default route whose next hop is the Layer 3 address of the firewall.

S1 and the firewall have a common Layer 3 broadcast interface.

Perhaps the firewall detects two nets coming from the same MAC (input and output with the same MAC: the Nexus MAC) and applies the spoofed packet rule.

Am I correct?
However, if I disable the spoofed packet rule on the FW, every packet flows the right way.

Any advice?

3 Replies

Philip D'Ath
VIP Alumni

Does all the internal traffic enter just one interface on the firewall? Does the firewall have a Portchannel to anything?

Are there more than one L3 routed path between some devices so that asymmetric routing could be happening?

Hi Philip,

Yep, previously there was asymmetric routing and then I tried to fix it with static /32 routes. At the moment I have just a /32 route toward the firewall; on the firewall side there are two /32 routes too, one for the LAN pointing to the Layer 3 next hop of S1 (the source) and the other one facing the common Layer 3 segment between the Nexus and the firewall. The interfaces are 2 normal interfaces, but I still have spoofed packets.

Does someone have any advice for fix this situation?
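As an added illustration, not taken from the thread or from any Cisco product code, the following Python model shows why asymmetric routing trips a strict reverse-path anti-spoofing check, and why a more specific static route for the source can clear it. The interface names, prefixes and addresses are constructed assumptions loosely modelled on the topology described above.

```python
import ipaddress

# Constructed routing table (assumption, not from the post): the firewall
# learned the server LAN via its Nexus-facing interface, while S1 forwards
# the server's traffic straight onto the firewall's inside interface.
ROUTES_BEFORE = [
    ("10.0.0.0/24", "nexus"),    # server LAN reachable via the Nexus link
    ("10.0.1.0/24", "nexus"),    # Nexus <-> firewall transit segment
    ("0.0.0.0/0", "outside"),    # default route
]

# Same table plus a static /32 for the server pointing at the interface
# its packets really arrive on (the fix the thread describes trying).
ROUTES_AFTER = ROUTES_BEFORE + [("10.0.0.10/32", "inside")]


def egress_interface(dst_ip, routes):
    """Longest-prefix match: interface the firewall would use to reach dst_ip."""
    ip = ipaddress.ip_address(dst_ip)
    best_net, best_iface = None, None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_iface = net, iface
    return best_iface


def strict_rpf_accepts(src_ip, ingress_iface, routes):
    """Strict reverse-path check, as many firewall anti-spoofing rules do it:
    a packet passes only if the route back to its source points out the very
    interface it arrived on. An asymmetric path fails this even when the
    source address is genuine."""
    return egress_interface(src_ip, routes) == ingress_iface


def explain(src_ip, ingress_iface, routes):
    """Human-readable verdict for a packet, useful when triaging such drops."""
    expected = egress_interface(src_ip, routes)
    if expected == ingress_iface:
        return f"accept: route to {src_ip} is via {ingress_iface}"
    return (f"drop as spoofed: arrived on {ingress_iface}, "
            f"but route to {src_ip} points via {expected}")


if __name__ == "__main__":
    # Server 10.0.0.10 sends via S1 onto the firewall's inside interface.
    print(explain("10.0.0.10", "inside", ROUTES_BEFORE))  # dropped
    print(explain("10.0.0.10", "inside", ROUTES_AFTER))   # accepted
```

The remaining drops in the thread would mean some source still reaches the firewall on an interface other than the one its reverse route selects, which is what the interface counters or a packet capture on each firewall interface would confirm.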
