
RE: [FW1] Problem with ICMP!





You need to add another rule:
any internalnet [echo-reply, time-exceed, dest-unreach] accept

-----Original Message-----
From: owner-fw-1-mailinglist@lists.us.checkpoint.com
[mailto:owner-fw-1-mailinglist@lists.us.checkpoint.com]On Behalf Of
Irene Cai
Sent: Monday, August 21, 2000 1:24 PM
To: Simon Guo; Irene Cai; fw-1-mailinglist@lists.us.checkpoint.com
Subject: RE: [FW1] Problem with ICMP!



I cleared the ICMP under the security policy, and we had a rule which
Internal Net ANY ANY ACCEPT, repushed the policy, but the internal network
still can't run the ICMP related command.

Thanks,

Irene

-----Original Message-----
From: Simon Guo [mailto:sguo@intira.com]
Sent: Monday, August 21, 2000 2:10 PM
To: 'Irene Cai'; fw-1-mailinglist@lists.us.checkpoint.com
Subject: RE: [FW1] Problem with ICMP!


Irene,

Try this: clear the ACCEPT ICMP under the security policy. Modify the rule to
InternalNetwork any ICMP (better just ping and traceroute) Accept.



-----Original Message-----
From: Irene Cai [mailto:Irene.Cai@ins.gte.com]
Sent: Monday, August 21, 2000 3:04 PM
To: fw-1-mailinglist@lists.us.checkpoint.com
Subject: [FW1] Problem with ICMP!



Hi,

        Currently I have a problem setting up the ICMP protocol in my firewall
policy set. I set up the properties for ACCEPT ICMP under security policy
for "before last", then I set up another rule for NO Internal Network Any
ICMP-Protol Drop. However, after I pushed the policy, the Internal Network
can't run ICMP-related commands, such as PING or TRACEROUTE. If I remove that
No internal network drop for the ICMP, I can run the ICMP-related commands;
unfortunately, everybody on the internet can run the ICMP-related commands as
well. Any suggestion will be greatly appreciated!

Thanks,

Irene


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====
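
Added example (not part of the thread and not Check Point code): a small Python model of first-match rule evaluation, assuming the firewall keeps no ICMP state, showing why internal pings fail until the reply rule suggested at the top of the thread is placed ahead of the drop rule. The 10.0.0.0/8 internal range, the sample addresses and the rule names are constructed.

```python
# Constructed model: first-match, stateless evaluation of ICMP packets.
import ipaddress

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range

def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL

def not_internal(ip):
    return not is_internal(ip)

def any_host(ip):
    return True

ALL_ICMP = None  # None matches every ICMP type

# Rule: (name, source predicate, destination predicate, ICMP types, action)
OUTBOUND = ("internal-out", is_internal, any_host, ALL_ICMP, "accept")
REPLIES = ("replies-in", any_host, is_internal,
           {"echo-reply", "time-exceeded", "dest-unreach"}, "accept")
DROP_EXT = ("drop-external-icmp", not_internal, any_host, ALL_ICMP, "drop")

def evaluate(rules, src, dst, icmp_type):
    """Return (action, rule name) of the first matching rule; default drop."""
    for name, src_ok, dst_ok, types, action in rules:
        if src_ok(src) and dst_ok(dst) and (types is None or icmp_type in types):
            return action, name
    return "drop", "implicit-cleanup"

def ping_works(rules, inside="10.1.1.5", outside="198.51.100.7"):
    """A ping succeeds only if both the request and the reply are accepted."""
    out = evaluate(rules, inside, outside, "echo-request")[0]
    back = evaluate(rules, outside, inside, "echo-reply")[0]
    return out == "accept" and back == "accept"

BEFORE = [OUTBOUND, DROP_EXT]          # replies from outside hit the drop rule
AFTER = [OUTBOUND, REPLIES, DROP_EXT]  # reply types accepted before the drop

if __name__ == "__main__":
    for label, rules in (("before", BEFORE), ("after", AFTER)):
        print(label, "internal ping works:", ping_works(rules))
        print(label, "inbound echo-request:",
              evaluate(rules, "198.51.100.7", "10.1.1.5", "echo-request"))
```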

