- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
How can I resolve drop code "IP Spoof"?
12/20/2019 
593 People found this article helpful
127,312 Views
Description
This article provides troubleshooting steps to resolve packets being dropped on the SonicWall firewall due to drop code "IP Spoof".
Cause
A common cause could be a loop in the physical configuration of the SonicWall and the devices connected to it. IP Spoof drops are caused when the SonicWall sees an IP address on one network segment that, as per firewall configuration, it believes the traffic belongs to a different network segment. Also, it can be caused by a discrepancy on SonicWall ARP table information and the MAC address of the packet arriving, among other causes.
Resolution
Check the following configurations if the packets are dropped due to "IP Spoof".
- Check if the packets are arriving on the correct port. If packets are arriving on the wrong port of firewall, check the configurations on upstream/downstream switch.
- SonicWall with VLAN configuration: Packet that should be arriving on x0:v20 with the VLAN tag 20 would arrive on x0 interface without the tag. As SonicWall knows that it should expect traffic to arrive on x0:v20 and not on x0 port, it will drop the packet.
- If the packets are arriving on the correct port and still getting dropped due to IP Spoof, then check if SonicWall has a route to reach that IP address. Usually seen when the firewall does not have a route to reach the internal networks that are not directly connected to the SonicWall.
- IP Spoof drop can also occur due to incorrect ARP information on firewall. Check if the ARP table (Manage | Network | ARP) has an ARP entry associated to the appropriate interface.
- Check if multiple network interfaces are configured on the client machine.
For more information, check out: IPSpoof dropped messages in the SonicWall Log
NOTE: Drop code numbers may change based on the firmware version, however, the drop code message (description) remains the same.
Additional drop code articles:
- How do I resolve drop code "Enforced Firewall Rule"?
- How do I resolve drop code "Cache Add Cleanup"?
- How do I resolve drop code "Packet Dropped - Policy Drop"?
- How do I resolve drop code "IP Spoof"?
- How do I resolve drop code "IDP Detection"?
Related Articles
- Configuring and troubleshooting SonicWALL Switches
- How can I get alerted if a WAN link goes down in a WAN fail-over scenario?
- Configuring and troubleshooting High Availability
YES
NO