[FW-1] AW: [FW-1] why there is only one way connection?
Hi,

1) That depends. There are several types of ICMP. If you do

A --- B --- echo Request accept
B --- A --- echo Reply accept

then yes. Of course you should allow other ICMPs like TimeExceeded also.

2) The Last Rule is considered to be / is often the CleanupRule

any --- any --- any --- drop --- log

In that case you would probably like to use "Before Last". If you want to make sure that ICMP to a certain host / network is not denied somewhere in between your 10 thousand rules you probably want to make accept icmp at FIRST. This also makes sense if you are running a large NOC where ICMP is used for monitoring all of your components.

--Joerg

-----Original Message-----
From: Sim, CT (Chee Tong) [mailto:[email protected]]
Sent: Friday, 16 November 2001 03:41
To: [email protected]
Subject: [FW-1] why there is only one way connection?

Hi,

I had a Check Point Firewall-1 4.0 installed in a Sun box and it is located in our Bangkok branch (the other side of the WAN). I had a problem that I can't solve. From our workstations in Singapore, I can ping to the Firewall in Bangkok, but from the Bangkok firewall, I cannot ping to any workstations in Singapore, but it can ping to those workstations in Bangkok.

Could you please tell me what could be wrong?

Besides, a few more questions:

1) If I enable a rule in the Firewall, source:A Destination:B services:(ICMP) Action:Accept, it makes A able to ping to B; does it mean that the rule also enables B to ping to A?

2) I saw the properties of the FW implied rules, there is something like

1) Last
2) First
3) Before Last

What is the meaning?

Thank you very much

CT
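The two points in the reply (ICMP rules are directional, and the First / Before Last / Last position decides whether an ICMP accept is reached before a drop) can be checked with a small first-match model. This is an added example, not part of the mail thread and not Check Point's engine; the rule class, the stateless matching, the default deny and the broad drop rule are assumptions made for illustration.

```python
# Simplified stateless first-match filter (illustrative model only).
from dataclasses import dataclass

ANY = "any"

@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    service: str   # "echo-request", "echo-reply", ... or ANY
    action: str    # "accept" or "drop"

    def matches(self, src, dst, service):
        return all(want in (ANY, got) for want, got in
                   ((self.src, src), (self.dst, dst), (self.service, service)))

CLEANUP = Rule(ANY, ANY, ANY, "drop")   # any --- any --- any --- drop

def decide(rules, src, dst, service):
    """Return the action of the first rule that matches, top down."""
    for rule in rules:
        if rule.matches(src, dst, service):
            return rule.action
    return "drop"   # assumption: default deny when nothing matches

def ping_works(rules, src, dst):
    """Ping needs the request accepted one way and the reply the other way."""
    return (decide(rules, src, dst, "echo-request") == "accept"
            and decide(rules, dst, src, "echo-reply") == "accept")

# The rule pair from the reply, for hosts "A" and "B".
PING_A_TO_B = [
    Rule("A", "B", "echo-request", "accept"),
    Rule("B", "A", "echo-reply", "accept"),
]
# Constructed: a broad drop sitting somewhere in the explicit rule base.
EXPLICIT = [Rule(ANY, "B", ANY, "drop")]

def build(icmp_rules, position):
    """Place the ICMP rules relative to the explicit rules and the cleanup rule."""
    if position == "first":
        return icmp_rules + EXPLICIT + [CLEANUP]
    if position == "before_last":
        return EXPLICIT + icmp_rules + [CLEANUP]
    if position == "last":
        return EXPLICIT + [CLEANUP] + icmp_rules   # never reached
    raise ValueError(position)

if __name__ == "__main__":
    base = PING_A_TO_B + [CLEANUP]
    print("A pings B:", ping_works(base, "A", "B"))
    print("B pings A:", ping_works(base, "B", "A"))
    for pos in ("first", "before_last", "last"):
        print(pos, "->", ping_works(build(PING_A_TO_B, pos), "A", "B"))
```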