[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] ICMP and UDP
You have to check "accept UDP replies" in policy properties. You can also check "accept ICMP" to enable echo replies, but I would advise you to be more restrictive about ICMP, and create a rule ANY>>>Internal-NET>>>echo reply & time exceeded>>>>ACCEPT. HTH Michael. -----Original Message----- From: Chris Arnold [mailto:[email protected]] Sent: Monday, March 26, 2001 8:12 PM To: [email protected] Subject: [FW1] ICMP and UDP Hmmm...I have a rule for an internal network such that: Src Dest Serv Action internal-net any any accept I used to be able to ping and traceroute out to external hosts but now can not. For some reason replies to UDP packets and ICMP echoes are being dropped by my clean-up rule when they used to get through just fine. Does anyone have any thoughts on curing this? Much thanks in advance for any help. Chris ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|