Do Aliased (or Virtual) Interfaces Pose a Security Risk?
FireWall-1 ignores virtual interfaces, so inspection and anti-spoofing are performed on the physical interface. If you want to use virtual interfaces with anti-spoofing, you must define two network objects, one for each subnet, and then create a network group that consists of the two network objects. Then you can put the group in the physical interface's anti-spoofing entry, just as you would if there were another physical network connected to the interface.
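The following is an added example, not FireWall-1 code or configuration: a small Python model of the per-physical-interface anti-spoofing decision described above, plus an audit that lists alias subnets missing from the physical interface's valid-address group. The interface names (eth1, eth1:0), the subnets, and the function names are assumptions made up for illustration.

```python
import ipaddress

# Constructed sample: addresses on one physical NIC and its alias (assumed names).
CONFIGURED = {
    "eth1": "192.168.10.1/24",    # primary address
    "eth1:0": "192.168.20.1/24",  # aliased (virtual) interface
}

# Anti-spoofing valid addresses, keyed by physical interface only.
ANTISPOOF_SINGLE = {"eth1": ["192.168.10.0/24"]}                    # alias subnet missing
ANTISPOOF_GROUP = {"eth1": ["192.168.10.0/24", "192.168.20.0/24"]}  # group of both objects


def physical(ifname):
    """Map an alias such as eth1:0 to the physical interface that is inspected."""
    return ifname.split(":", 1)[0]


def spoof_check(src, ifname, antispoof):
    """Return True if src is an allowed source for packets arriving on ifname."""
    nets = antispoof.get(physical(ifname), [])
    addr = ipaddress.ip_address(src)
    return any(addr in ipaddress.ip_network(n) for n in nets)


def uncovered_aliases(configured, antispoof):
    """List configured interfaces whose subnet is not covered by the
    anti-spoofing group of their physical interface."""
    missing = []
    for ifname, cidr in sorted(configured.items()):
        subnet = ipaddress.ip_interface(cidr).network
        nets = [ipaddress.ip_network(n) for n in antispoof.get(physical(ifname), [])]
        if not any(subnet.subnet_of(n) for n in nets):
            missing.append((ifname, str(subnet)))
    return missing


if __name__ == "__main__":
    for name, policy in (("single", ANTISPOOF_SINGLE), ("group", ANTISPOOF_GROUP)):
        ok = spoof_check("192.168.20.50", "eth1", policy)
        print(name, "- host 192.168.20.50 accepted on eth1:", ok)
        print(name, "- uncovered subnets:", uncovered_aliases(CONFIGURED, policy))
```

With only the primary subnet in the entry, legitimate hosts on the aliased subnet fail the check; with the group of both networks they pass, while sources outside both subnets are still rejected.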