I have enabled Anti-MAC Spoofing in my firewall policy and have been receiving a lot of emal notification stating the it detected MAC spoofing from an unsolicited incoming ARP. Most of the MAC spoofing is coming from our laser printers.
I read a blog online which stated to go to the Clients tab and right-click on a client and enable as unmanaged detector. Once enabled I would enter the MAC address of the targeted printers. This took care of my laser printers from MAC spoofing the targeted SEP clients but, I started receiving security warning about the clients that I enabled to become an unmanaged detector. So, I disabled all the unmanaged detector clients.
Your support person said that the only way to stop the MAC spoofing email notifications was to disable Anti-Mac Spoofing in my firewall policy but, I would like to keep this feature enabled if it is not too intrusive.
Can you please allow us to enter MAC addresses via Policies > Intrusion Prevention > Edit target policy > Intrusion Prevention > Enable excluded hosts > Excluded Hosts... or find another way to exclude target MAC addresses?