Re: [FW1] Ping Rules Across Firewall help



Ping: You need to accept ICMP, and yes, before the Last rule. FW-1 claimed that 
ICMP traffic is now dealt with by the stateful engine (i.e. a valid return ICMP 
reply is allowed without a firewall rule). I am not sure how true this is in 
current firewall versions.

Traceroute: On many OSes traceroute uses UDP as the default packets to send and 
an ICMP error message as the return message from the next hop. So you may need 
to allow UDP traffic also. On Linux use traceroute with the -I option to force 
traceroute to use ICMP as the default packets.

Hope this helps.
Rajeev

On Tuesday 02 October 2001 19:19, Clarrisa Wright wrote:
> hello
>
> I would like to allow ICMP and traceroute between 2 networks on either side
> of my firewall. I am wondering if I have to turn on "Accept ICMP Before
> Last" in the policy properties, because obviously one of the hops from
> subnet to subnet will be the firewall interfaces
> on both sides. I have found that if I uncheck "Accept ICMP" in the
> policy, I get timeout marks like this: * * * when the traffic hits the
> firewall. I don't want to keep this on unless I have to. Any ideas? Can't
> I just have "Accept ICMP" unchecked and put in explicit ping rules?
>
> thanks :)
>
> -Sa
>

-- 
********************************************************************
	Rajeev Kumar ([email protected])
		http://www.rajeevnet.com
********************************************************************
-- PGP PUBLIC KEY -- http://www.rajeevnet.com/crypto/mypubkey
********************************************************************
What's New on rajeevnet.com:
o Unix/Windows password Sync: 
    http://www.rajeevnet.com/linux/passwd_sync/passwd_sync.html
o Wonders of 'dd' and 'netcat' :: Cloning Operating Systems
    http://www.rajeevnet.com/tips_hints/os_clone/os_cloning.html
********************************************************************


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
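
The packet flows discussed in this thread, modelled as an added example (not part of the original posts and not FW-1 rule syntax): it checks which packets of ping, default UDP traceroute and `traceroute -I` a stateless list of explicit accept rules would drop. The rule tuples, the names and the UDP port range 33434-33534 (the conventional traceroute default) are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str           # "icmp" or "udp"
    direction: str       # "probe" (sender to target) or "reply" (back to sender)
    icmp_type: int = -1  # ICMP type, -1 for UDP
    dport: int = 0       # UDP destination port, 0 for ICMP

ECHO_REPLY, UNREACHABLE, ECHO_REQUEST, TIME_EXCEEDED = 0, 3, 8, 11

# Packets each tool needs passed, per standard ping/traceroute behaviour.
FLOWS = {
    "ping": [Packet("icmp", "probe", ECHO_REQUEST), Packet("icmp", "reply", ECHO_REPLY)],
    # Default UDP traceroute: probes to high UDP ports (33434 is the usual base port),
    # time-exceeded from each hop, port-unreachable from the target.
    "traceroute-udp": [Packet("udp", "probe", dport=33434),
                       Packet("icmp", "reply", TIME_EXCEEDED),
                       Packet("icmp", "reply", UNREACHABLE)],
    # traceroute -I: echo-request probes, time-exceeded from hops, echo-reply from target.
    "traceroute-icmp": [Packet("icmp", "probe", ECHO_REQUEST),
                        Packet("icmp", "reply", TIME_EXCEEDED),
                        Packet("icmp", "reply", ECHO_REPLY)],
}

def allowed(pkt, rules):
    """Stateless match against explicit accept rules; anything unmatched is dropped."""
    for proto, direction, values in rules:
        if (proto, direction) != (pkt.proto, pkt.direction):
            continue
        key = pkt.icmp_type if proto == "icmp" else pkt.dport
        if key in values:
            return True
    return False

def blocked(tool, rules):
    """Return the packets of `tool` that the rule list would drop."""
    return [p for p in FLOWS[tool] if not allowed(p, rules)]

# Constructed rule lists (hypothetical, not FW-1 syntax).
PING_ONLY = [("icmp", "probe", {ECHO_REQUEST}), ("icmp", "reply", {ECHO_REPLY})]
WITH_ICMP_TRACE = PING_ONLY + [("icmp", "reply", {TIME_EXCEEDED})]
WITH_UDP_TRACE = WITH_ICMP_TRACE + [("udp", "probe", range(33434, 33535)),
                                    ("icmp", "reply", {UNREACHABLE})]

if __name__ == "__main__":
    for name, rules in [("ping only", PING_ONLY), ("+ICMP trace", WITH_ICMP_TRACE),
                        ("+UDP trace", WITH_UDP_TRACE)]:
        for tool in FLOWS:
            print(f"{name:12} {tool:16} dropped: {blocked(tool, rules)}")
```

The model is stateless on purpose, so every reply type has to be listed explicitly; a firewall that tracks ICMP state would need fewer reply rules.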



 