Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] Unable to tracert

To: <[email protected]>
Subject: [FW1] Unable to tracert
From: "Rusdyanto Tardjono" <[email protected]>
Date: Sat, 18 Aug 2001 11:25:01 +0700
Importance: Normal
Reply-to: <[email protected]>
Sender: [email protected]

Dear lists,

I am using Checkpoint FW-1 4.1 still SP1 under Windows NT 4.0 Server SP 6.
I 'm wondering that I can't do traceroute from the FW module itself to any
but I can ping to any with no problem from FW module.
In my rule base, I have the following rule:

	Source		Destination	Service			Action
	Any		FW		ICMP Echo Reply	Accept

I have also tried to open built-in Traceroute service, but still unable to
do so.
>From ANY, I purposely block any ICMP so outsiders can't ping and traceroute
to my FW and DMZ.

Under Policy menu -> Properties -> Security Policy tab, I deselect Accept
ICMP.  Only if I select Accept ICMP, I can traceroute from FW as well as
from outside can ping and traceroute to my FW which I don't want it this
way.
I remember the traceroute used to work. My rulebase is about the same when
it used to work.  Any help will be appreciated.
Thanks.


Rusdy




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Follow-Ups:
- RE: [FW1] Unable to tracert
  - From: "Larry Pingree" <[email protected]>

Prev by Date: [FW1] NAT Hide Question
Next by Date: [FW1] log viewing in text mode
Previous by thread: [FW1] NAT Hide Question
Next by thread: RE: [FW1] Unable to tracert
Index(es):
- Date
- Thread