Modifying antispoofing

IP address spoofing is an attack where the source IP address in a packet is changed to gain unauthorized access or to cause a denial-of-service. Such attacks can be prevented with antispoofing rules.

Antispoofing is intended to prevent malicious attempts to use a legitimate internal IP address to gain access from lower-security networks to higher-security networks by determining which addresses are valid source addresses for the networks connected to each interface. If an interface receives a packet with a source address that is not a valid source address for the networks that are connected to that interface, the packet is considered to come from a spoofed IP address.

Antispoofing is used on Firewalls, IPS engines, Layer 2 Firewalls, Master NGFW Engines, and Virtual Firewalls. Antispoofing rules are created automatically based on the routing configuration for interfaces that have IP addresses. In most cases, there is no need to change the antispoofing configuration in any way.

If you do modify the antispoofing configuration, manually changed entries are marked with a plus sign (+) for active entries or a minus sign (–) for disabled entries.


Antispoofing cannot be configured for the following types of interfaces because they do not have IP addresses:

  • Capture Interfaces and Inline Interfaces on IPS engines or Layer 2 Firewalls
  • Master NGFW Engines that host Virtual IPS engines or Virtual Layer 2 Firewalls.
  • Layer 2 physical interfaces on Firewalls.
  • All interfaces on Virtual IPS engines and Virtual Layer 2 Firewalls.