Re: Re: [FW1] Ping Rules Across Firewall help
I feel that first rule, before last and last rule are meaningless. What I do is simply uncheck all options and concentrate on rule base only.

mohamed.

On Thu, 04 Oct 2001 Rajeev Kumar wrote:
>
> Ping: You need to accept ICMP, and yes, before Last rule. FW-1 claimed that
> ICMP traffic is now dealt with by the stateful engine (i.e. a valid return ICMP reply
> is allowed without a Firewall rule). I am not sure how true this is in current
> Firewall versions.
>
> Traceroute: On many OSes traceroute uses UDP as the default packets to send and
> an ICMP error message as the return message from the next hop. So you may need to
> allow UDP traffic also. On Linux use traceroute with the -I option to force
> traceroute to use ICMP as the default packets.
>
> Hope this helps.
> Rajeev
>
> On Tuesday 02 October 2001 19:19, Clarrisa Wright wrote:
> > hello
> >
> > I would like to allow ICMP and traceroute between 2 networks on either side
> > of my firewall. I am wondering if I have to turn on "Accept ICMP Before
> > Last" in the policy properties, because obviously one of the hops from
> > subnet to subnet will be the firewall interfaces
> > on both sides. I have found that if I uncheck "Accept ICMP" in the
> > policy, I get timeout marks like this: * * * when the traffic hits the
> > firewall. I don't want to keep this on unless I have to. Any ideas? Can't
> > I just have "Accept ICMP" unchecked and put in explicit ping rules?
> >
> > thanks :)
> >
> > -Sa
>
> --
> Rajeev Kumar ([email protected])
> http://www.rajeevnet.com
> -- PGP PUBLIC KEY -- http://www.rajeevnet.com/crypto/mypubkey
> What's New on rajeevnet.com:
> o Unix/Windows password Sync:
>   http://www.rajeevnet.com/linux/passwd_sync/passwd_sync.html
> o Wonders of 'dd' and 'netcat' :: Cloning Operating Systems
>   http://www.rajeevnet.com/tips_hints/os_clone/os_cloning.html

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================