Technical data
Configuring VSX
Check Point VSX Administration Guide NGX R67 | 62
External: The interface leads to external networks or to the Internet.
Internal: The interface leads to internal networks and/or a DMZ and includes the following properties:
Not Defined: IP routing is not defined for this device.
Network: Routing is defined by the IP and net mask defined in General Properties.
Specific: Routing is defined by a specific network or network group.
Interface leads to DMZ: Defines an interface as leading to a DMZ, which isolates a vulnerable,
externally accessible resource from the rest of a protected, internal network.
Configuring Anti-Spoofing
Attackers can gain access to protected networks by falsifying or "spoofing" a trusted source IP address with
high access privileges. It is important to configure anti-spoofing protection for VSX gateways and Virtual
Systems, including internal interfaces. You can configure anti-spoofing for an interface, provided that the
topology for the interface is properly defined.
If you are using dynamic routing, disable the Calculate topology automatically based on routing
information option, and manually configure the topology of the Virtual System.
To enable anti-spoofing for an interface, enable the Perform Anti-Spoofing based on interface topology
option on the Topology tab in the Interface Properties window. Select a tracking option as appropriate.
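The following added example (not from the Check Point guide) is a simplified model of how an anti-spoofing check based on interface topology classifies source addresses, and of why a manually maintained topology must keep up with dynamic routes. The interface names, networks and function names are assumptions made for illustration; the gateway's own enforcement logic is not shown on this page.

```python
import ipaddress

# Constructed topology for one Virtual System. Interface names and networks
# are hypothetical sample values, not taken from the guide.
TOPOLOGY = {
    "eth0": {"leads_to": "external"},
    "eth1": {"leads_to": "internal", "networks": ["10.1.0.0/16"]},
    "eth2": {"leads_to": "internal", "networks": ["192.168.50.0/24"]},  # DMZ
    "eth3": {"leads_to": "internal", "networks": None},  # "Not Defined"
}

def _networks(entry):
    return [ipaddress.ip_network(n) for n in (entry.get("networks") or [])]

def check_source(iface, src_ip, topology=TOPOLOGY):
    """Classify a packet's source address as 'accept', 'drop' or 'unchecked'."""
    src = ipaddress.ip_address(src_ip)
    entry = topology[iface]
    if entry["leads_to"] == "internal":
        nets = _networks(entry)
        if not nets:
            # No topology defined: nothing to compare the source against.
            return "unchecked"
        return "accept" if any(src in n for n in nets) else "drop"
    # External interface: a source that claims to sit behind any internal
    # interface is treated as spoofed.
    for other in topology.values():
        if other["leads_to"] == "internal" and any(src in n for n in _networks(other)):
            return "drop"
    return "accept"

def uncovered_routes(iface, routes, topology=TOPOLOGY):
    """Routes reachable via iface that the manual topology does not cover.

    In this model, sources in these networks are dropped as spoofed until
    the topology is updated by hand.
    """
    nets = _networks(topology[iface])
    return [r for r in routes
            if not any(ipaddress.ip_network(r).subnet_of(n) for n in nets)]

if __name__ == "__main__":
    for iface, ip in [("eth0", "10.1.2.3"), ("eth0", "203.0.113.7"),
                      ("eth1", "10.1.2.3"), ("eth1", "192.168.50.9"),
                      ("eth3", "10.1.2.3")]:
        print(iface, ip, check_source(iface, ip))
    print(uncovered_routes("eth1", ["10.1.4.0/24", "10.2.0.0/16"]))
```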
Configuring Multicast Restrictions
IP multicasting applications send one copy of each datagram (IP packet) and address it to a group of
computers that wish to receive it. Multicast restrictions allow you to define rules that block outbound
datagrams from specific multicast groups (IP address ranges). You can define multicast access restrictions
for physical and Warp interfaces in a VSX environment.
To enable multicast restrictions:
1. Enable the Drop multicast packets by the following conditions option on the Multicast Restrictions
tab in the Interface Properties window.
2. Select one of the following restriction types:
Drop multicast packets whose destination is in the list
Drop all multicast packets except those whose destination is in the list
3. Click Add to add a multicast address range. The Multicast Address Range Properties window opens.
4. Define an IP address Range or a Single IP Address in the 224.0.0.0 to 239.255.255.255 range.
5. Select a tracking option.