Re: [FW-1] Smart Defense "Small PMTU" attack
Ya, I am also facing the same problem. I have NG-FP3 installed in my office. One of my partners wants to access a web server in the DMZ and he is being rejected by SmartDefense.

Someone suggested that I enable ICMP requests for Type 3 code 4... which did not actually work. Someone else suggested that I should disable SmartDefense -> Small PMTU detection... which could be dangerous...

Still looking for a solution.

MG

-----Original Message-----
From: Misha Alikov [mailto:[email protected]]
Sent: Wednesday, July 30, 2003 10:54 PM
To: [email protected]
Subject: [FW-1] Smart Defense "Small PMTU" attack

I have an NG-FP1 Management Server that controls a mixture of NG-FP1 and 41-SP6 Enforcement Modules at remote locations. Just recently, a user behind one of my 41-SP6 Enforcement Modules attempted to access (HTTP) a Web Server behind an NG-FP3 Firewall within a separate organization, and was stopped by their Smart Defense system - reason given was "Small PMTU" attack.

This sounds like a "false positive" to me, but I'm curious to know if anyone else has encountered this issue, and/or what anyone might suggest I do as a workaround.

P.S. I should mention that I have ":ipsec_dont_fragment (false)" set in my NG-FP1 Management Server's $FWDIR/conf/objects_5_0.C file for each of my remote Enforcement Modules.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================