Hi

I reported in an earlier email that I had got ICMP working via a dummy last
rule to get round the bug and 2 rules to allow appropriate rules (as detailed
in the email below). It worked for at least a day or so.

However, at the moment traceroute is acting really weird - the traces seem
to get to and report the FINAL destination but all other hops are starred
out!

Any ideas?

Tim Higgins


From:    "THELLIER, Francis (Kedros)" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]kpoint.com
Date:    29/06/00 08:31
To:      "'D H'" <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
cc:
Subject: RE: [FW1] Stateful inspection of icmp

Yes, it should work with (2) and (3), but why enable ICMP from properties
if you use rules?


> Francis THELLIER
>
> -----Original Message-----
> From:    D H [SMTP:[EMAIL PROTECTED]]
> Date:    Wednesday 28 June 2000 19:01
> To:      [EMAIL PROTECTED]
> Subject: [FW1] Stateful inspection of icmp
>
>
> I am using FW-1 v4.0 sp 3, and I'm having a problem with the stateful
> inspection of ICMP (which should work in version 4.0 according to
> phoneboy).
>
> I want to allow only outbound ping (i.e. to the Internet), and as I
> understand it, it should work if the FW is configured as follows:
> (1) The "Accept ICMP" property is enabled and "Last" (i.e. after my
> explicit drop rule)
> (2) I allow outbound (to the Internet) services: echo-request
>
> But, the replies are being dropped by the FW. As a workaround:
> (3) I allow inbound (from the Internet) services: echo-reply,
> time-exceeded, dest-unreach.
>
> Shouldn't it work without (3)?
> If so, any ideas what it might be?
>
> -- DH
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================








