Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".


IP Spoof on VLAN, how to solve it?

I have a network consisting of a TZ 370 firewall, combined with a netgear XS708T switch where two Access Point are connected to.

IoT-Zone has both some Wiz Wifi bulbs, and Google devices like Chromecast etc.

LAN setup is a follow

X0 - LAN

X0:V20 Guest WiFi

X0:V30 IoT-Zone

MultiCast is enabled on X0 and X0:V30 as descriped on this link

IP Helper is also enabled for mDNS and SSDP

Overview of network

Main goal is to be able to control the Wiz WiFi bulbs, from X0 LAN.

For testing purpose only there is an allow any/any to and from LAN/IoT-Zone access rule.

The smart bulbs are located on the IoT-Zone -> X0:V30 

Wiz Wifi bulbs communicates on 38899 and 38900 for UDP on local network.

I need some help to figure out, why I get the IP Spoof alert from the firewall as below?

If more information is need, then please let me know.

Category: Entry Level Firewalls


  • Options
    MustafaAMustafaA SonicWall Employee

    Hello @MartinMP

    Looking at the packet capture, your source of traffic is which is coming through the X0 interface instead of the X0:V30, which indicates that the frames are not tagged with VLAN ID 30. Make sure your switch is configured correctly so that it tags the traffic properly.

    Firewall will consider this as IP spoof since it does not belong to the X0 subnet.

  • Options
    MartinMPMartinMP Newbie ✭

    Hi @MustafaA

    I did took a look on the packet capture, and did a control of the setup for the switch. All settings seems to fine for tagging VLAN, but ingress filtering was set to disabled (default setting for the switch) I have enabled ingress filtering and have not for the last hours had a IP Spoof alert.

Sign In or Register to comment.