Справочник Пользователя для SonicWALL 5.8.1
Network > MAC-IP Anti-Spoof
376
SonicOS 5.8.1 Administrator Guide
•
ARP packets; both ARP requests and responses
•
Static ARP entries from user-created entries
•
MAC-IP Anti-Spoof Cache
The MAC-IP Anti-Spoof subsystem achieves egress control by locking the ARP cache, so
egress packets (packets exiting the network) are not spoofed by a bad device or by unwanted
ARP packets. This prevents a firewall from routing a packet to the unintended device, based
on mapping. This also prevents man-in-the-middle attacks by refreshing a client’s own MAC
address inside its ARP cache.
egress packets (packets exiting the network) are not spoofed by a bad device or by unwanted
ARP packets. This prevents a firewall from routing a packet to the unintended device, based
on mapping. This also prevents man-in-the-middle attacks by refreshing a client’s own MAC
address inside its ARP cache.
Configuring MAC-IP Anti-Spoof Protection
This section contains the following subsections:
•
•
•
•
Interface Settings
To edit MAC-IP Anti-Spoof settings within the Network Security Appliance management
interface, go to the Network > MAC-IP Anti-spoof page.
interface, go to the Network > MAC-IP Anti-spoof page.