Support Center > Search Results > SecureKnowledge Details
Anti-Spoofing check between cluster members in NGX R60 and above Technical Level
Symptoms
  • SmartView Tracker shows:
    message_info: Cluster member IP is being spoofed

  • Kernel Debug (FW module , flag 'drop') shows:
    ...dropped by fw_cluster_ttl_anti_spoofing Reason: ttl check drop
Cause

Once the cluster Extended Anti-Spoofing is enabled, the TTL is changed in outbound packets related to local connections in case the Source IP address and the Destination IP address are cluster member IP addresses.

Anti-Spoofing check in the cluster is checking that TTL field in IP-packets between cluster members (Source IP address = IP address of the cluster member or the Virtual IP ; Destination IP address = not relevant) has the value of 255 (this check does not apply to Multicast packets and IGMP protocol).

The receiving cluster member excludes IGMP packets and other special cases.

These drops will also be seen on the Active Cluster Member for multicast traffic originating from the Standby member.


Solution
Note: To view this solution you need to Sign In .