[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] Unable to tracert
Dear lists, I am using Checkpoint FW-1 4.1 still SP1 under Windows NT 4.0 Server SP 6. I 'm wondering that I can't do traceroute from the FW module itself to any but I can ping to any with no problem from FW module. In my rule base, I have the following rule: Source Destination Service Action Any FW ICMP Echo Reply Accept I have also tried to open built-in Traceroute service, but still unable to do so. >From ANY, I purposely block any ICMP so outsiders can't ping and traceroute to my FW and DMZ. Under Policy menu -> Properties -> Security Policy tab, I deselect Accept ICMP. Only if I select Accept ICMP, I can traceroute from FW as well as from outside can ping and traceroute to my FW which I don't want it this way. I remember the traceroute used to work. My rulebase is about the same when it used to work. Any help will be appreciated. Thanks. Rusdy ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|