
[FW-1] AW: [FW-1] why there is only one way connection?



Hi,

1) That depends. There are several types of ICMP.
If you do
A --- B --- echo Request accept
B --- A --- echo Reply   accept
then yes. Of course you should allow other ICMPs like TimeExceeded also.

2) The Last Rule is considered to be / is often the CleanupRule
any --- any --- any --- drop --- log
In that case you would probably like to use "Before Last". If you want to
make sure that ICMP to a certain host / network is not denied somewhere in
between your 10 thousand rules you probably want to make accept icmp at FIRST.
This also makes sense if you are running a large NOC where ICMP is used for
monitoring all of your components.

--Joerg


-----Original Message-----
From: Sim, CT (Chee Tong) [mailto:[email protected]]
Sent: Friday, 16 November 2001 03:41
To: [email protected]
Subject: [FW-1] why there is only one way connection?


Hi.. ,

I had a Check Point Firewall-1 4.0 installed in a Sun Box and it is located
in our Bangkok branch (the other side of the WAN).  I had a problem that I
can't solve.  From our workstations in Singapore, I can ping to the
Firewall in Bangkok, but from the Bangkok firewall, I can not ping to any
workstations in Singapore, but it can ping to those workstations in Bangkok.
Could you please tell me what could be wrong?

Besides, a few more questions:
1) If I enable a rule in Firewall   source:A Destination:B  services:(ICMP)
Action:Accept, it makes A able to ping to B, does it mean that the rule also
enables B to ping to A?

2)I saw the properties of FW implied rule, there are something like 1)Last
2)First 3)Before Last   What is the meaning?

Thank you very much
CT





==================================================================
The information contained in this message may be confidential
and is intended to be exclusively for the addressee. Should you
receive this message unintentionally, please do not use the contents
herein and notify the sender immediately by return e-mail.


==================================================================

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================
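
Added example (not part of the original messages and not Check Point code): a simplified first-match rule-base model in Python illustrating the two points in the reply above. A rule matches one source, destination and ICMP type, and the position of an implied ICMP accept (First, Before Last, Last) relative to the cleanup rule decides whether it is ever reached. The host labels A, B, C, D and "noc", the rule names and the rule list are constructed for illustration.

```python
# Simplified first-match rule base; an illustration, not Check Point code.
from typing import NamedTuple

class Rule(NamedTuple):
    src: str      # host/network label, or "any"
    dst: str
    service: str  # ICMP type name, or "any"
    action: str   # "accept" or "drop"
    name: str

def matches(rule, src, dst, service):
    pairs = ((rule.src, src), (rule.dst, dst), (rule.service, service))
    return all(want in ("any", got) for want, got in pairs)

def decide(rules, src, dst, service):
    """Return (action, rule name) of the first matching rule."""
    for rule in rules:
        if matches(rule, src, dst, service):
            return rule.action, rule.name
    return "drop", "no-match"

def place_implied(explicit, implied, position):
    """Insert an implied rule at 'first', 'before_last' or 'last'."""
    if position == "first":
        return [implied] + explicit
    if position == "before_last":
        return explicit[:-1] + [implied] + explicit[-1:]
    if position == "last":
        return explicit + [implied]
    raise ValueError(f"unknown position: {position}")

# Constructed rule base: the last explicit rule is the cleanup rule.
EXPLICIT = [
    Rule("A", "B", "echo-request", "accept", "a-pings-b"),
    Rule("B", "A", "echo-reply", "accept", "b-replies-to-a"),
    Rule("any", "C", "any", "drop", "block-c"),   # deny buried mid-rule-base
    Rule("any", "any", "any", "drop", "cleanup"),
]
IMPLIED_ICMP = Rule("noc", "any", "echo-request", "accept", "implied-icmp")

def outcome_by_position(src, dst, service):
    """Evaluate one packet with the implied rule at each position."""
    return {pos: decide(place_implied(EXPLICIT, IMPLIED_ICMP, pos), src, dst, service)
            for pos in ("first", "before_last", "last")}

if __name__ == "__main__":
    print(decide(EXPLICIT, "A", "B", "echo-request"))   # request A -> B
    print(decide(EXPLICIT, "B", "A", "echo-request"))   # request B -> A
    print(outcome_by_position("noc", "C", "echo-request"))
    print(outcome_by_position("noc", "D", "echo-request"))
```

In this model the echo request from "noc" to C is accepted only with the implied rule at "first", and the one to D is accepted at "first" and "before_last" but falls to the cleanup rule at "last".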




 
   All contents © 2004 Network Presence, LLC. All rights reserved.