how can I remove Anti spoofing feature in the check point

5 pts.
Check Point
Check Point NGX R60
I need to remove the anti spoofing feature from my checkpoint /....what to do for it

Answer Wiki

Thanks. We'll let you know when a new response is added.


You need to double click on the Firewall Node icon on your Smart Dashboard, click on the ‘topology’ tab and select the interface you need to remove your anti-spoofing from.

Another box will appear with three tabs, the middle one being again, ‘topology’.

Select this tab and click ‘not defined on the radio button options.

Click OK and install the policy again.

Should work!

Many Thanks


Discuss This Question: 4  Replies

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • Manliz2000
    +++ just un-tick the box at the bottom of this screen - tried it on mine and you don't want to remove your defined networks for the interface, just remove the anti-spoofing!! +++++
    275 pointsBadges:
  • wijnaldumwilliam
    Stealth - All traffic that is NOT from the internal company network to one of the Security Gateways is dropped. When a connection matches the Stealth rule, an alert window opens in SmartView Monitor.
    Critical subnet - Traffic from the internal network to the specified resources is logged. This rule defines three subnets as critical resources: Finance, HR, and RnD.Tech support - Allows the Technical Support server to access the Remote-1 web server which is behind the Remote-1 Security Gateway. Only HTTP traffic is allowed. When a packet matches the Tech support rule, the Alert action is done.DNS server - Allows UDP traffic to the external DNS server. This traffic is not logged.Mail and Web servers - Allows incoming traffic to the mail and web servers that are located in the DMZ. HTTP, HTTPS, and SMTP traffic is allowed.SMTP - Allows outgoing SMTP connections to the mail server. Does not allow SMTP connections to the internal network, to protect against a compromised mail server.DMZ and Internet - Allows traffic from the internal network to the DMZ and Internet.
    Clean up rule - Drops all traffic. All traffic that is allowed matched one of the earlier rules.
    20 pointsBadges:
  • wijnaldumwilliam
    Anti-spoofing is Check Point's way of establishing directionality on the firewall when it comes to enforcing the rulebase. Other vendor's firewalls will use Zones or security-levels to do basically the same thing. While the official CCSA R75 courseware only has about 1.5 pages covering anti-spoofing I'll spend a good 20-30 minutes covering it in class as it tends to be a Check Point feature that will really trip up firewall administrators who are migrating from another firewall such as Juniper or Cisco. It can be a very hard lesson to learn that not quite everything is enforced in the Check Point rulebase itself, and anti-spoofing has a completely separate enforcement mechanism. Use of Security Zones (which Check Point does not support) tends to clear this up by explicitly using Zones in the rulebase.
    20 pointsBadges:
  • stevep69
    Star! Hours spent on this issue with DHCP not working on the interface. Thanks so much for posting this solution!
    10 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: