[FW-1] Is ICMP Stateful in 4.1 ?
Looking at this thread below, is it safe to say ICMP stateful inspection is ONLY available starting in NG version? I have seen several sources for custom inspect patches for versions prior to this. Pls confirm. Thanks.

Cheers,
Padhu

----- Original Message -----
From: "Simon Spurrell, T-GR" <[email protected]>
To: <[email protected]>
Sent: Friday, March 15, 2002 9:01 AM
Subject: Re: [FW-1] How to enable ICMP with Checkpoint NG on Red Hat LINUX

> Hi,
>
> Thanks a lot for your help.
> I did what you said and ICMP works now. Thanks a lot.
>
> I still have problems with the ICMP redirect not being sent back to the
> workstations.
>
> I can see in the logs:
> ICMP type 5 Code 1 (my re-direct packet I think) being out of state.
>
> It must be somewhere in the Global Properties, but I cannot find it.
>
> Any help on this would be most appreciated.
>
> Thanks for your help.
> Simon
>
> -----Original Message-----
> From: Kamalan Govender [mailto:[email protected]]
> Sent: Friday, March 15, 2002 11:52 AM
> To: [email protected]
> Subject: Re: [FW-1] How to enable ICMP with Checkpoint NG on Red Hat
> LINUX
>
> In our environment we have the following rules
>
> Rule x my_net any icmp echo-request
> ?? traceroute
>
> Rule x+1 any my_net icmp echo-reply
> Icmp time-exceeded
> Icmp dest-unreach
> Icmp param-prblm
>
> In the global setting under Stateful Inspection the following are
> ticked:
> Stateful UDP Accept stateful UDP replies for unknown services
>
> Stateful ICMP Accept stateful ICMP replies
> Accept stateful ICMP errors
>
> Stateful Other IP Protocols Accept stateful other IP protocol
> replies for unknown services.
>
> These rules have allowed us to ping and traceroute to the out-side.
>
> How it helps.
>
> _________________________________________________
> Kamalan Govender
> Computer & Network Services
> University of the Witwatersrand
> Tel: +27 11 717 1671
> Fax: +27 11 339 1225
> Web-site: www.wits.ac.za
>
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:[email protected]] On Behalf Of Simon
> Spurrell, T-GR
> Sent: Friday, March 15, 2002 10:07 AM
> To: [email protected]
> Subject: [FW-1] How to enable ICMP with Checkpoint NG on Red Hat LINUX
>
> Whatever I do I am unable to enable ICMP on Checkpoint NG running on
> LINUX.
> Even setting the Global Properties to Accept ICMP requests to First, does
> not make it work.
>
> Ultimately I need to get ICMP direct to work. But just getting any sort of
> ICMP functions to work seems impossible.
>
> I get the "ICMP packet out of state" error messages. I have read I need to
> make ICMP stateful. But I do not know how to do this.
>
> I have seen some solutions but none of them seem to work for me.
>
> Any help would be appreciated.
>
> Thanks.
> Simon Spurrell
>
> Tecan Group (Switzerland)
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
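
A minimal model of what the "Accept stateful ICMP replies" and "Accept stateful ICMP errors" settings discussed in this thread imply, added here as an illustration; it is not Check Point code and not written by any poster. The class, the flow key and the sample packets (documentation addresses) are constructed, and treating only the Rule x+1 error types as stateful errors is an assumption of the model.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

ECHO_REPLY, DEST_UNREACH, REDIRECT = 0, 3, 5
ECHO_REQUEST, TIME_EXCEEDED, PARAM_PROBLEM = 8, 11, 12
# Error types listed in Rule x+1 of the thread; limiting "stateful errors"
# to these is an assumption of this model, not documented product behaviour.
STATEFUL_ERRORS = {DEST_UNREACH, TIME_EXCEEDED, PARAM_PROBLEM}

Flow = Tuple[str, str, int]  # (source, destination, ICMP echo identifier)

@dataclass
class IcmpPacket:
    src: str
    dst: str
    icmp_type: int
    code: int = 0
    ident: int = 0
    inner: Optional[Flow] = None  # flow of the packet quoted inside an ICMP error

class IcmpStateTable:
    """Hypothetical state table: requests create state, replies/errors must match it."""
    def __init__(self, accept_replies: bool = True, accept_errors: bool = True):
        self.accept_replies = accept_replies
        self.accept_errors = accept_errors
        self.flows = set()

    def inspect(self, p: IcmpPacket) -> str:
        if p.icmp_type == ECHO_REQUEST:
            # A request permitted by the rule base records the flow.
            self.flows.add((p.src, p.dst, p.ident))
            return "new"
        if p.icmp_type == ECHO_REPLY:
            # In state only if it mirrors a recorded request (addresses swapped).
            ok = self.accept_replies and (p.dst, p.src, p.ident) in self.flows
            return "stateful-reply" if ok else "out-of-state"
        if p.icmp_type in STATEFUL_ERRORS:
            # In state only if the quoted original packet belongs to a known flow.
            ok = self.accept_errors and p.inner in self.flows
            return "stateful-error" if ok else "out-of-state"
        return "out-of-state"  # e.g. redirect (type 5): nothing in the table matches it

def demo(accept_errors: bool = True):
    host, peer, router = "192.0.2.10", "198.51.100.7", "203.0.113.1"  # constructed
    table = IcmpStateTable(accept_errors=accept_errors)
    packets = [
        IcmpPacket(host, peer, ECHO_REQUEST, ident=77),
        IcmpPacket(peer, host, ECHO_REPLY, ident=77),
        IcmpPacket(peer, host, ECHO_REPLY, ident=99),              # unsolicited reply
        IcmpPacket(router, host, TIME_EXCEEDED, inner=(host, peer, 77)),
        IcmpPacket(router, host, REDIRECT, code=1, inner=(host, peer, 77)),
    ]
    return [table.inspect(p) for p in packets]
```

In this model the type 5 code 1 packet is the only message tied to a real flow that still comes back "out-of-state", which matches the log entry Simon describes.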