[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] "Accept ICMP" and ping rules help
Personnally i always uncheck "Accept ICMP" and use rules in policies to be more granular for the ICMP protococol like: Permit PING/TRACEROUTE from Intranet to Internet Permit just PING from clients sites on Internet to Intranet Permit sending of destination unreachable Permit reception of destination unreachable but log those Reject all the rest of ICMP At 19:18 2001-10-02 -0400, Clarrisa Wright wrote: > >hello > >i would like to allow icmp and traceroute between 2 networks on either side >of my firewall. I am wondering if i have to turn on "Accept ICMP Before >Last" in the policy properties, because obviously one of the hops from >subnet to subnet will be the firewall interfaces on both sides. i have >found that if i uncheck "Accept ICMP" in the policy, i get timeout marks >like this: * * * when the traffic hits the firewall. I don't want to keep >this on unless i have to. any ideas? Can't I just have "Accept ICMP" >unchecked and put in explicit ping rules? > >thanks :) > >-Sa > >_________________________________________________________________ >Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp > > > >================================================================================ > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html >================================================================================ > > > ------------------------------------------------------------ Yves Belle-Isle V.P. VE2YBI YB17 Email: [email protected] Responsable des Systemes Tel:Sogi Informatique Ltee. Fax:------------------------------------------------------------ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|