We have only one host connected to a separate interface (dmz2). It is natted to a Public IP to allow it access to a partner network.
I want to make sure that no one (internally) spoofs the IP of this host or uses it's IP. I was looking at placing a static arp entry
and using dynamic arp inspection but it seems that this works only in transparent mode, but we have a routed mode running.
Is there any other way?
All help is appreciated