NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] Statefully Controlled Traffic



Are you saying that you want icmp to work through the vpns, and yet have other devices use icmp w/o encryption?

ICMP on FireWall-1 is not inherently stateful -- that is, it does not populate a connections table to automatically allow the reverse connection.

KMoussavi wrote:

 

TWIMC,

I'm currently trying to restrict ICMP and traceroute "statefully" to FW1 (NT) from the outside.  How is this possible without disrupting VPN ICMP?  I've looked at the INSTINCT scripts that have been posted on PHONEBOY but they do have some bugs in them.  Is there another way without having to use INSTINCT?

Thank You

Keyvan



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.