Dynamically Updating the Security Gateway Topology
This feature is supported only for Security Gateways R77.20 and above. Once selected, the range of IP addresses behind the internal interface is automatically calculated every second (default value) without the need for the administrator to click Get Interfaces and install a policy.
To configure dynamic topology updates
-
Open Gateway Properties > Network Management.
-
Select an interface and click Edit.
-
In the Topology section, click Modify.
-
In the Leads To section, select Network defined by routes.
-
Click OK.
This default update value is configured in SmartConsole > Preferences and set to one second. The value set here applies to all internal interfaces for all gateways in the Domain.
To set the update value for a specific interface
-
Open Gateway Properties > Network Management.
-
Select an interface and click Actions > Settings.
-
Select Use custom update time (seconds) and set the applicable update time.
-
Click OK.
Dynamic Anti-Spoofing
When Anti-Spoofing is selected and you click Get interfaces, the Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. generates a list of valid IP addresses based on the IP address and netmask of the interface and the routes assigned to the interface.
Anti-Spoofing drops packets with a source IP address that does not belong to the network behind the packet's interface. For example, packets with an internal IP address that comes from an external interface.
When the Network defined by routes option is selected along with Perform Anti-Spoofing based on interface topology, you get Dynamic Anti-Spoofing. The valid IP addresses range is automatically calculated without the administrator having to do click Get Interfaces or install a policy.