In both SEP 11.x and 12.x firewall policies have the anti-MAC Spoofing option enabled. I don't recall receiving a single MAC Spoofing alert from an 11.x client. Over the past year as clients were slowly upgraded to 12.x we began to receive more and more MAC Spoofing alerts. Today, with 200 clients running 12.x, we receive an average of two alerts per minute!
The alerts only happen when client is using our corporate wireless or when they are using our corporate VPN. I suspect when using our VPN the clients are using wireless at home or at a coffee shop. I read other posts which talk about this problem happening in versions of 11.x but that seems to have been fixed in 11.x. This problem has been happening with 12.1 RU2 all the way up through RU4 MP1b.
Is anyone else encountering this problem?