[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] ping
Allow the necessary protocals in/out depending on your security policy. If you want to allow pinging outbound but not inbound, you'd do something like this: Note: The "!" means "negation of the object, etc..." 1 (internal_networks) -> !(internal_networks) echo_request Accept <log level> 2 (!internal_networks) -> (internal_networks) echo_reply Accept <log level> If you need to allow traceroutes and ping outbound, and none inbound: add in: traceroute in rule 1 and in: destination_unreachable and time_exceeded in rule 2 :) Amin Tora ePlus Technology http://www.eplus.com This message may contain confidential and/or proprietary information, and is intended only for the person / entity to whom it was originally destined. The use of this information and unauthorized access to this information for any other means is strictly prohibited. The content of this message may also contain private views and opinions that do not constitute a formal disclosure or commitment unless specifically stated. -----Original Message----- From: Hasan Övüç [mailto:[email protected]] Sent: Tuesday, January 09, 2001 9:17 AM To: [email protected] Subject: [FW1] ping Hi, I have a boring problem. When i delete icmp-proto from my policy , anyone "also me" from external network do not communicate both firewall and any machine of internal network. all services are unreachable, too. Another important point, any machine of internal network and firewall do not communicate external network in any way. How do i solve this? Please help me. Thanks. - Hasan ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|