As the cloud firewall filters based on source IP addresses: Would it be possible for an attacker to create packets that have a spoofed source IP address and thus break through the firewall?
I mean, assuming the attacker knew any whitelisted source IP addresses…
I’m asking for both, the external network interface as well as the private network interface.
Thank you!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
1 answer

In the case of your firewall you are worried about someone establishing a connection and sending and receiving data, if someone was able to spoof an IP address, the return information would be sent to that IP address and so the “sender” would never receive it.

Also, services that are TCP oriented would probably reject that packet along the way, so it is unlikely to even reach the destination in the first place.

IP address spoofing is mostly used to create denial of service attacks on UDP based systems.

So the short answer is that you don’t have to worry about IP address spoofing. Plus in addition to the IP Address the assumption is that the user is still accessing a remote service that has some sort of authentication.

So you don’t have to worry about it.