return interface doesn't match arrival interface

  • return interface doesn't match arrival interface

    Hoping someone can point me in the right direction. Starting yesterday, we began getting alarms every minute or so stating:
    return interface doesn't match arrival interface
    It doesn't seem to give me much information, so I am hoping someone can point me in the right direction for what is causing this.

    Alarm number: 1
    Date: 2015-08-05 12:59:38 CDT (-0500)
    Priority: 4
    Interface: PROTECTED (eth0)
    Alarm type: Possible spoof
    Count: 1
    Protocol: ICMP
    Source address: (1)
    Ports: 8 (1)
    Destination address: (1)
    Ports: 8 (1)

    Detailed description:
    Return interface for IP packet is different than arrival.

    The ports change and sometimes the addresses change, but it is continuous nonetheless.
    Any help is much appreciated.

  • #2
    Hello thanner

    This is generally due to traffic arriving on an internal interface from a subnet that the firewall is not aware of behind another router. This can usually be cleared up with a static route for the source subnet back to the router of origin.
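
The reverse-path check behind this alarm and the effect of the static route, as an added example that is not part of the original post and not the firewall's own code. The interface name `eth1`, all addresses and the routing tables are constructed assumptions; only `eth0` (PROTECTED) comes from the alarm above.

```python
import ipaddress

def return_interface(routes, src):
    """Longest-prefix match: the interface the firewall would use to reply to src."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def check_packet(routes, src, arrival_iface):
    """Return None when the return interface matches arrival, else an alarm string."""
    ret = return_interface(routes, src)
    if ret == arrival_iface:
        return None
    return (f"Possible spoof: {src} arrived on {arrival_iface}, "
            f"return interface is {ret}")

# Constructed routing table: the firewall only knows its own protected
# network and a default route out the (assumed) external interface eth1.
ROUTES = [
    ("0.0.0.0/0", "eth1"),     # default route, external side
    ("10.1.0.0/24", "eth0"),   # directly connected PROTECTED network
]

# Constructed case: 10.2.0.0/24 sits behind an internal router on eth0.
# The firewall has no route for it, so the reply would follow the default
# route out eth1 while the packet arrived on eth0.
before = check_packet(ROUTES, "10.2.0.15", "eth0")

# Static route for the source subnet back toward the router of origin.
ROUTES_FIXED = ROUTES + [("10.2.0.0/24", "eth0")]
after = check_packet(ROUTES_FIXED, "10.2.0.15", "eth0")

if __name__ == "__main__":
    print("before:", before)
    print("after: ", after)
```
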


    • #3
      Thanks Rick!
      So far so good. Strangely there were 2 subnets that never had their static routes added, not certain why we never saw these errors till now.


      • #4
        Adding the subnets that were not previously listed in static routes seemed to help for a few hours. However, after a few quiet hours the alarms started rolling in again, with networks that are listed in the static routes, as well as networks that are connected to the firewall through VPN, and the network that the firewall itself is on...
        Any help is greatly appreciated.


        • #5
          Can you post another alarm example?