Negate Rule Not Working Firewall-1

- W
- Will
  
  Contact options for registered users
posted
17 years ago

Thu, Sep 14, 2006 7:28 AM

Let's say you have three DMZ networks on Firewall-1, and you create three network objects corresponding to these three networks:

10.10.10.0 10.10.11.0 10.10.12.0

You then create a group named DMZ-Networks and create a rule that says when the Source is NOT DMZ-Networks (i.e., Negate DMZ-Networks), and the target is the Firewall-1 object, then send an alert. The intent was to find any packet from an external address that targets the firewall.

What I'm finding is that any broadcast from any machine in a DMZ network is triggering the alert. Firewall-1 does not see a broadcast originating from a machine in a DMZ Network as being from that network? How would you modify the rule above so that broadcasts coming from inside the DMZ don't trigger the Negate source condition?

Loading thread data ...

- R
- rick
  
  Contact options for registered users
Vote on answer
posted
17 years ago

Thu, Sep 14, 2006 4:08 PM

When you created the network object, did you specify that the broadcast address was included or excluded in the network definition. The default for NGX is to exclude the broadcast address from the network object.

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.