Network > MAC-IP Anti-Spoof
376
SonicOS 5.8.1 Administrator Guide
• ARP packets; both ARP requests and responses
• Static ARP entries from user-created entries
• MAC-IP Anti-Spoof Cache
The MAC-IP Anti-Spoof subsystem achieves egress control by locking the ARP cache, so egress packets (packets exiting the network) are not spoofed by a bad device or by unwanted ARP packets. This prevents the firewall from routing a packet to an unintended device based on the mapping. It also prevents man-in-the-middle attacks by refreshing a client’s own MAC address inside its ARP cache.
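The locked-cache behavior described above can be modeled in a few lines. This is an added example, not SonicOS code: `LockedArpCache`, `parse_arp`, `build_arp` and all addresses are hypothetical or constructed, and treating an unknown IP as a violation is an assumption of the model.

```python
import struct

def parse_arp(frame: bytes):
    """Return (opcode, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None                      # too short, or EtherType is not ARP
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or op not in (1, 2):
        return None                      # only Ethernet/IPv4 requests and replies
    return op, frame[22:28].hex(":"), ".".join(str(b) for b in frame[28:32])

class LockedArpCache:
    """Hypothetical model: trusted IP->MAC bindings that ARP traffic cannot rewrite."""
    def __init__(self, bindings):
        self.bindings = dict(bindings)   # trusted entries (static or anti-spoof cache)
        self.spoof_detect = []           # (ip, claimed_mac) pairs that were rejected

    def handle(self, frame: bytes) -> str:
        parsed = parse_arp(frame)
        if parsed is None:
            return "ignored"
        _op, mac, ip = parsed            # requests and replies are checked alike
        if self.bindings.get(ip) == mac:
            return "accepted"
        # Assumption of this model: an unknown IP is treated like a mismatch.
        self.spoof_detect.append((ip, mac))
        return "dropped"                 # the locked cache is never updated

def build_arp(op, sender_mac, sender_ip, target_ip):
    """Build a constructed 42-byte broadcast ARP frame for the demo."""
    mac = bytes.fromhex(sender_mac.replace(":", ""))
    to_ip = lambda s: bytes(int(o) for o in s.split("."))
    header = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return (b"\xff" * 6 + mac + b"\x08\x06" + header
            + mac + to_ip(sender_ip) + b"\x00" * 6 + to_ip(target_ip))

def demo():
    cache = LockedArpCache({"192.0.2.10": "00:11:22:33:44:55"})  # constructed binding
    frames = [
        build_arp(2, "00:11:22:33:44:55", "192.0.2.10", "192.0.2.1"),  # genuine reply
        build_arp(2, "de:ad:be:ef:00:01", "192.0.2.10", "192.0.2.1"),  # forged reply
        build_arp(1, "de:ad:be:ef:00:01", "192.0.2.10", "192.0.2.1"),  # forged request
    ]
    return [cache.handle(f) for f in frames], cache

if __name__ == "__main__":
    results, cache = demo()
    print(results, cache.spoof_detect, cache.bindings)
```

Because the binding table is only read and never written from ARP input, a forged request or reply cannot redirect traffic for 192.0.2.10; it only leaves a record in the model's spoof list.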
Configuring MAC-IP Anti-Spoof Protection
This section contains the following subsections:
• “Interface Settings” section on page 376
• “Anti-Spoof Cache” section on page 378
• “Spoof Detect List” section on page 380
• “Extension to IP Helper” section on page 382
Interface Settings
To edit MAC-IP Anti-Spoof settings within the Network Security Appliance management interface, go to the Network > MAC-IP Anti-Spoof page.