
Re: Re: [FW1] Ping Rules Across Firewall help




I feel that first rule, before last and last rule are meaningless. What I do is simply uncheck all options and concentrate on rule base only.
mohamed.

On Thu, 04 Oct 2001 Rajeev Kumar wrote :
> 
> Ping: You need to accept ICMP, and yes, before Last rule. FW-1 claimed that
> ICMP traffic is now dealt with by the stateful engine (i.e. a valid return
> ICMP reply is allowed without a firewall rule). I am not sure how true this
> is in current firewall versions.
> 
> Traceroute: On many OSes traceroute uses UDP as the default packets to send
> and an ICMP error message as the return message from the next hop. So you
> may need to allow UDP traffic also. On Linux use traceroute with the -I
> option to force traceroute to use ICMP as default packets.
> 
> Hope this helps.
> Rajeev
> 
> On Tuesday 02 October 2001 19:19, Clarrisa Wright wrote:
> > Hello
> >
> > I would like to allow ICMP and traceroute between 2 networks on either
> > side of my firewall. I am wondering if I have to turn on "Accept ICMP
> > Before Last" in the policy properties, because obviously one of the hops
> > from subnet to subnet will be the firewall interfaces on both sides. I
> > have found that if I uncheck "Accept ICMP" in the policy, I get timeout
> > marks like this: * * * when the traffic hits the firewall. I don't want
> > to keep this on unless I have to. Any ideas? Can't I just have "Accept
> > ICMP" unchecked and put in explicit ping rules?
> >
> > thanks :)
> >
> > -Sa
> >
> > ===========================================================================
> > To unsubscribe from this mailing list, please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > ===========================================================================
> 
> -- 
> Rajeev Kumar ([email protected])
> http://www.rajeevnet.com
> -- PGP PUBLIC KEY -- http://www.rajeevnet.com/crypto/mypubkey
> What's New on rajeevnet.com:
> o Unix/Windows password Sync:
>     http://www.rajeevnet.com/linux/passwd_sync/passwd_sync.html
> o Wonders of 'dd' and 'netcat' :: Cloning Operating Systems
>     http://www.rajeevnet.com/tips_hints/os_clone/os_cloning.html
> 
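The return-traffic matching discussed in the thread (an echo reply for ping, an ICMP error quoting the UDP probe for traceroute), as an added example that is not part of the original messages and is not FireWall-1's own implementation. `ReturnIcmpTracker`, the helper names and all addresses and ports are hypothetical and constructed for illustration.

```python
import socket, struct

ECHO_REPLY, UNREACH, ECHO_REQUEST, TIME_EXCEEDED = 0, 3, 8, 11

def ipv4(src, dst, proto, l4):
    """Constructed test packet: 20-byte IPv4 header (checksum 0) + layer-4 bytes."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + l4

def icmp(kind, rest, body=b""):
    """ICMP message: type, code 0, checksum 0, 4-byte rest-of-header, body."""
    return struct.pack("!BBH", kind, 0, 0) + rest + body

def parse(pkt):
    """Return (src, dst, protocol, layer-4 bytes) of an IPv4 packet."""
    ihl = (pkt[0] & 0x0F) * 4
    return socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]), pkt[9], pkt[ihl:]

def flow_key(src, dst, proto, l4):
    # ICMP echo is keyed on id/seq (bytes 4-8); UDP on source/destination port.
    return (src, dst, proto) + struct.unpack("!HH", l4[4:8] if proto == 1 else l4[:4])

class ReturnIcmpTracker:
    """Hypothetical state table: does an inbound ICMP packet answer a probe we let out?"""
    def __init__(self):
        self.pending = set()

    def outbound(self, pkt):
        src, dst, proto, l4 = parse(pkt)
        if proto == 17 or (proto == 1 and l4[0] == ECHO_REQUEST):
            self.pending.add(flow_key(src, dst, proto, l4))

    def inbound_ok(self, pkt):
        src, dst, proto, l4 = parse(pkt)
        if proto != 1 or len(l4) < 8:
            return False
        if l4[0] == ECHO_REPLY:  # ping: the reply mirrors the request's id/seq
            return flow_key(dst, src, 1, l4) in self.pending
        if l4[0] in (UNREACH, TIME_EXCEEDED) and len(l4) >= 36:
            # traceroute: the error quotes the probe's IP header + first 8 bytes
            isrc, idst, iproto, il4 = parse(l4[8:])
            if iproto in (1, 17) and isrc == dst and len(il4) >= 8:
                return flow_key(isrc, idst, iproto, il4) in self.pending
        return False

if __name__ == "__main__":
    fw, probe = ReturnIcmpTracker(), ipv4("10.1.1.5", "192.168.2.9", 17,
                                          struct.pack("!HHHH", 40000, 33434, 8, 0))
    fw.outbound(probe)  # UDP traceroute probe leaves; the hop's Time Exceeded returns
    print(fw.inbound_ok(ipv4("10.1.1.1", "10.1.1.5", 1, icmp(TIME_EXCEEDED, b"\0" * 4, probe[:28]))))
```

A traceroute hop's Time Exceeded arrives from an address the probe was never sent to, so the match has to be made on the quoted inner header rather than on the outer source address.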
 



   All contents © 2004 Network Presence, LLC. All rights reserved.