Dean,
Try viewing the rule 0's.  This will show where the rules actually fall at.
With some of the rule 0's, you can make them first, before the last rule, or
last rule.  See if you can make the ICMP rule fall after the any|any|any rule.
This way, the ICMP rule will not be caught first.

Scott McHenry,
Sys Eng / CSC

------------Original Message-----------------

Date: Wed, 31 May 2000 15:11:15 +1200
From: Dean Cunningham <[EMAIL PROTECTED]>
Subject: [FW1] 4.1 SP0 Dumb question

We are migrating off v3 to 4.1

If we have a simple policy of any any any installed on gateway and turned
off the ICMP implicit rule (in fact all implicit rules)......

We cannot ping from one side of the FW to the other.
We can ping from the FW to each side.
If we stop the FW service then we can ping from one side to the other.

There must be something really dumb we are not doing......

