Re: [FW1] Ping Rules Across Firewall help
Ping: You need to accept ICMP, and yes, before the last rule. FW-1 claimed that ICMP traffic is now dealt with by the stateful engine (i.e. a valid return ICMP reply is allowed without a firewall rule). I am not sure how true this is in current firewall versions.

Traceroute: On many OSes traceroute uses UDP as the default packets to send and ICMP error messages as the return message from the next hop. So you may need to allow UDP traffic also. On Linux use traceroute with the -I option to force traceroute to use ICMP as the default packets.

Hope this helps.

Rajeev

On Tuesday 02 October 2001 19:19, Clarrisa Wright wrote:
> hello
>
> i would like to allow icmp and traceroute between 2 networks on either side
> of my firewall. I am wondering if i have to turn on "Accept ICMP Before
> Last" in the policy properties, because obviously one of the hops from
> subnet to subnet will be the firewall interfaces
> on both sides. i have found that if i uncheck "Accept ICMP" in the
> policy, i get timeout marks like this: * * * when the traffic hits the
> firewall. I don't want to keep this on unless i have to. any ideas? Can't
> I just have "Accept ICMP" unchecked and put in explicit ping rules?
>
> thanks :)
>
> -Sa

--
Rajeev Kumar ([email protected])
http://www.rajeevnet.com
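An added example, not part of the thread and not Check Point code: it models a plain stateless first-match filter (so replies need their own rules) and lists which packets of ping, default UDP traceroute and traceroute -I a given explicit rule list would drop. The rule lists, flow names and the UDP probe port range 33434-33534 are assumptions made for this illustration.

```python
# Added illustration: a generic stateless first-match filter, not FireWall-1's engine.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    direction: str                   # "A->B" probe or "B->A" return traffic
    proto: str                       # "icmp" or "udp"
    icmp_type: Optional[int] = None
    dport: Optional[int] = None

@dataclass(frozen=True)
class Rule:
    proto: str                       # every rule here is an accept rule
    icmp_types: tuple = ()           # empty = any ICMP type
    dports: range = range(0)         # empty = any destination port

def permitted(rules, pkt):
    """First matching accept rule wins; anything unmatched hits the final drop."""
    for r in rules:
        if r.proto != pkt.proto:
            continue
        if r.icmp_types and pkt.icmp_type not in r.icmp_types:
            continue
        if r.dports and pkt.dport not in r.dports:
            continue
        return True
    return False

# Constructed flows between network A and network B (traceroute run from A).
FLOWS = {
    "ping": [Packet("A->B", "icmp", icmp_type=8),            # echo request
             Packet("B->A", "icmp", icmp_type=0)],           # echo reply
    "traceroute_udp": [Packet("A->B", "udp", dport=33434),   # default UDP probe
                       Packet("B->A", "icmp", icmp_type=11), # time exceeded (hops)
                       Packet("B->A", "icmp", icmp_type=3)], # port unreachable (target)
    "traceroute_icmp": [Packet("A->B", "icmp", icmp_type=8), # traceroute -I probe
                        Packet("B->A", "icmp", icmp_type=11),
                        Packet("B->A", "icmp", icmp_type=0)],
}

PING_ONLY = [Rule("icmp", icmp_types=(8, 0))]
ICMP_TRACE = PING_ONLY + [Rule("icmp", icmp_types=(11,))]
UDP_TRACE = ICMP_TRACE + [Rule("icmp", icmp_types=(3,)),
                          Rule("udp", dports=range(33434, 33535))]  # assumed probe range

def blocked(rules, tool):
    """Return the packets of a tool's flow that the rule list would drop."""
    return [p for p in FLOWS[tool] if not permitted(rules, p)]
```

With explicit ping rules only, ping passes but both traceroute variants lose their time-exceeded replies, which shows up as the * * * timeouts at each hop.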