anti-spoofing will not work in this case as the spoofed IP and the
legitimate IP would be on the untrust (ie routed through same
interface) . Juniper FW Anti-spoofing mechnism's logic is to check the
route for the incoming SRC-IP. If the packet with SRC-IP a.b.c.d
enters firewall via interface 'X' a...
legitimate IP would be on the untrust (ie routed through same
interface) . Juniper FW Anti-spoofing mechnism's logic is to check the
route for the incoming SRC-IP. If the packet with SRC-IP a.b.c.d
enters firewall via interface 'X' a...
[ more ]