Re: [FW-1] How to enable ICMP with Checkpoint NG on Red Hat LINUX
You can check the following:

Global Properties -> Firewall-1 Implied Rules
Accept outgoing packets originating from the gateway: first.

That's the only thing I have checked. Also, under stateful inspection, what are your time-outs set to? I have mine all set to 600 seconds.

_________________________________________________
Kamalan Govender
Computer & Network Services
University of the Witwatersrand
Tel: +27 11 717 1671
Fax: +27 11 339 1225
Web-site: www.wits.ac.za

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On Behalf Of Simon Spurrell, T-GR
Sent: Friday, March 15, 2002 5:02 PM
To: [email protected]
Subject: Re: [FW-1] How to enable ICMP with Checkpoint NG on Red Hat LINUX

Hi,

Thanks a lot for your help. I did what you said and ICMP works now. Thanks a lot.

I still have problems with the ICMP redirect not being sent back to the workstations. I can see in the logs: ICMP type 5 Code 1 (my re-direct packet I think) being out of state. It must be somewhere in the Global Properties, but I cannot find it.

Any help on this would be most appreciated.

Thanks for your help.

Simon

-----Original Message-----
From: Kamalan Govender [mailto:[email protected]]
Sent: Friday, March 15, 2002 11:52 AM
To: [email protected]
Subject: Re: [FW-1] How to enable ICMP with Checkpoint NG on Red Hat LINUX

In our environment we have the following rules:

Rule x      my_net   any      icmp echo-request ?? traceroute
Rule x+1    any      my_net   icmp echo-reply
                              Icmp time-exceeded
                              Icmp dest-unreach
                              Icmp param-prblm

In the global setting under Stateful Inspection the following are ticked:

Stateful UDP
    Accept stateful UDP replies for unknown services
Stateful ICMP
    Accept stateful ICMP replies
    Accept stateful ICMP errors
Stateful Other IP Protocols
    Accept stateful other IP protocol replies for unknown services.

These rules have allowed us to ping and traceroute to the outside.

Hope it helps.

_________________________________________________
Kamalan Govender
Computer & Network Services
University of the Witwatersrand
Tel: +27 11 717 1671
Fax: +27 11 339 1225
Web-site: www.wits.ac.za

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On Behalf Of Simon Spurrell, T-GR
Sent: Friday, March 15, 2002 10:07 AM
To: [email protected]
Subject: [FW-1] How to enable ICMP with Checkpoint NG on Red Hat LINUX

Whatever I do I am unable to enable ICMP on Checkpoint NG running on LINUX. Even setting the Global Properties to Accept ICMP requests to First, does not make it work.

Ultimately I need to get ICMP direct to work. But just getting any sort of ICMP functions to work seems impossible. I get the "ICMP packet out of state" error messages.

I have read I need to make ICMP stateful. But I do not know how to do this. I have seen some solutions but none of them seem to work for me.

Any help would be appreciated.

Thanks.

Simon Spurrell
Tecan Group (Switzerland)

=================================================
To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [email protected]
=================================================