I don't think I have routing issue, since I turn the ICMP on under the
security preoperties tab, I can ping or trace those sites without a problem.
SOmething else is wrong.
Irene
-----Original Message-----
From: Simon Guo [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 21, 2000 2:52 PM
To: 'Irene Cai'; Simon Guo; [EMAIL PROTECTED]
Subject: RE: [FW1] Problem with ICMP!
Please check the logviewer and see whether you can find your packets. It
sonds like you have a routing problem instead of firewall policy problem.
-----Original Message-----
From: Irene Cai [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 21, 2000 3:24 PM
To: Simon Guo; Irene Cai; [EMAIL PROTECTED]
Subject: RE: [FW1] Problem with ICMP!
I cleared the ICMP under the security policy, and we had a rule which
Internal Net ANY ANY ACCEPT, repushed the policy, but the internal network
still can't run the ICMP related command.
Thanks,
Irene
-----Original Message-----
From: Simon Guo [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 21, 2000 2:10 PM
To: 'Irene Cai'; [EMAIL PROTECTED]
Subject: RE: [FW1] Problem with ICMP!
Irene,
Try this: clear the ACCEPT ICMP under the serrity policy. Modify the rule to
InternalNetwork any ICMP(better just ping and traceroute) Accept.
-----Original Message-----
From: Irene Cai [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 21, 2000 3:04 PM
To: [EMAIL PROTECTED]
Subject: [FW1] Problem with ICMP!
Hi,
Currently I have problem to set up the ICMP protocol in my firewall
policy set. I set up the properties for ACCEPT ICMP under security policy
for "before last", then I setup another rule for NO Internal Network Any
ICMP-Protol Drop. However after I pushed the policy, the Internal Network
can't run ICMP related command, such as PING or TRACEROUTE. If I remove that
No internal network drop for the ICMP, I can run the ICMP related command,
unfortunately everybody in the internet can run the ICMP related command as
well. Any suggestion will be great appreciated!
Thanks,
Irene
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
