Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] ping

To: 'Hasan Övüç' <[email protected]>, [email protected]
Subject: RE: [FW1] ping
From: Amin Tora <[email protected]>
Date: Tue, 9 Jan 2001 09:58:00 -0500
Sender: [email protected]


Allow the necessary protocals in/out depending on your security policy.

If you want to allow pinging outbound but not inbound, you'd do something
like this:

Note: The "!" means "negation of the object, etc..."

1 (internal_networks)  ->  !(internal_networks)  echo_request  Accept  <log
level>
2 (!internal_networks) ->  (internal_networks)   echo_reply    Accept  <log
level>

If you need to allow traceroutes and ping outbound, and none inbound:

add in: traceroute in rule 1
and in: destination_unreachable and time_exceeded in rule 2

  :)


Amin Tora
ePlus Technology
http://www.eplus.com

This message may contain confidential and/or proprietary information, and is
intended only for the person / entity to whom it was originally destined.
The use of this information and unauthorized access to this information for
any other means is strictly prohibited.  The content of this message may
also contain private views and opinions that do not constitute a formal
disclosure or commitment unless specifically stated.

-----Original Message-----
From: Hasan Övüç [mailto:[email protected]]
Sent: Tuesday, January 09, 2001 9:17 AM
To: [email protected]
Subject: [FW1] ping





	Hi, 

	I have a boring problem. When i delete icmp-proto from my policy ,
anyone "also me" from external network  do not communicate both firewall and
any machine of internal network. all services are unreachable, too.  Another
important point, any machine of internal network and firewall do not
communicate external network in any way. How do i solve this?

	Please help me. 

	Thanks.  

- Hasan


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Follow-Ups:
- [FW1] Flood Gate errors
  - From: "Benjamin Keller" <[email protected]>

Prev by Date: Re: [FW1] possible port scan?
Next by Date: RE: [FW1] problems setting up a NAT
Previous by thread: [FW1] ping
Next by thread: [FW1] Flood Gate errors
Index(es):
- Date
- Thread