Firewall-1 has a well-hidden anti-spoofing feature based on selecting the Properties dialog for the Firewall-1 network object. On this dialog there is a tab named Interfaces. You can manually create each interface on the firewall, and then you can set a Valid Addresses property that specifies which source IPs you will accept on that interface. Packets with different source IPs are supposed to be rejected.
My question is what kind of value can you specify for the setting "Other" under Valid Addresses? I tried first to select a Network object that was a template for the class network on the interface. That gives a fail to compile error when you attempt to install it. I then created a group object and put each individual machine that exists on that interface into that group. I then specified that group along with the Other setting. That also generates a fail to compile error.
Does this feature just not work? The vast majority of the objects that the "Other" selection lets you choose from in a drop down list simply fail to compile.