Endpoint Protection

L.S.,

I have a Zyxel NBG6716 router. When I connect my Windows 7 64-bit laptop to it I have no problem.
However, when I connect to my work through VPN (Cisco AnyConnect Secure Mobility Client) I get lots of MAC spoofing messages from Symantec Endpoint Protection (version 12.1.2015.2015). In the security logfile of Symantec I can see that the spoofing is done mostly from the ipadres and mac-address of my router.
Sometimes a mac-address 00-11-22-33-44-55 appears in the Symantec log.
The exact message in Symantec : "Unsolicited incoming ARP reply detected, this is a kind of MAC spoofing that may consequently do harm to your computer.". The packet data is per mac-address the same.
When I disconnect my VPN, the messages do not appear anymore.
When I use the same VPN connection at my work, I do not get any messages in Symantec.

Can someone please help me solve this problem? It is a very annoying problem, because everytime my connection is disrupted and I get thrown out of my server session.

Greetings,
Toine

There is no option to add exclusions for this. You do have the option to turn off this featurein the firewall policy (anti-MAC spoofing).

_Brian,

I have seen this option, but I cannot change it. I guess only the system admin can. I can only turn off the firewall completely, but that's not good for security I think

I wouldn't recommend turning off the firewall. However, there may be some config on the router whereby it is trying to change your MAC, hence the alerts. It is something your admin may be able to check out. It could possibly be a bug as well but support would need to check this out. I know there was a similar bug like this back in an older 11.x version of SEP.

Did you ever get this sorted out?