Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] "Accept ICMP" and ping rules help

To: [email protected]
Subject: Re: [FW1] "Accept ICMP" and ping rules help
From: Yves Belle-Isle <[email protected]>
Date: Thu, 04 Oct 2001 08:40:56 -0400
Cc: "Clarrisa Wright" <[email protected]>
In-reply-to: <[email protected]>
Sender: [email protected]

Personnally i always uncheck "Accept ICMP" and use rules
in policies to be more granular for the ICMP protococol like:

Permit PING/TRACEROUTE from Intranet to Internet
Permit just PING from clients sites on Internet to Intranet
Permit sending of destination unreachable
Permit reception of destination unreachable but log those
Reject all the rest of ICMP

At 19:18 2001-10-02 -0400, Clarrisa Wright wrote:
>
>hello
>
>i would like to allow icmp and traceroute between 2 networks on either side 
>of my firewall. I am wondering if i have to turn on "Accept ICMP Before 
>Last" in the policy properties,  because obviously one of the hops from 
>subnet to subnet will be the firewall interfaces on both sides.   i have 
>found that if i uncheck "Accept ICMP" in the policy, i get timeout marks 
>like this: * * * when the traffic hits the firewall.  I don't want to keep 
>this on unless i have to. any ideas? Can't I just have "Accept ICMP" 
>unchecked and put in explicit ping rules?
>
>thanks :)
>
>-Sa
>
>_________________________________________________________________
>Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
>
>
>
>================================================================================
>     To unsubscribe from this mailing list, please see the instructions at
>               http://www.checkpoint.com/services/mailing.html
>================================================================================
>
>
>

------------------------------------------------------------
Yves Belle-Isle V.P. VE2YBI YB17        Email: [email protected]
Responsable des Systemes                Tel:Sogi Informatique Ltee.                 Fax:------------------------------------------------------------



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

References:
- [FW1] "Accept ICMP" and ping rules help
  - From: "Clarrisa Wright" <[email protected]>

Prev by Date: [FW1] Getting Domain names from an IP address
Next by Date: Re: [FW1] Ping Rules Across Firewall help
Previous by thread: Re: [FW1] "Accept ICMP" and ping rules help
Next by thread: [FW1] Secure Remote and NT Wkst with 2 NICS
Index(es):
- Date
- Thread