Sebastian,
The reply packets are a different service, so you need to create a rule
allowing the reply packets in. Typically it would be something like the
following:
Any -- Internal network -- dest-unreach, echo-reply, & time-exceeded (all
icmp) -- accept
Rick
_______________________________________
Rick Camp
Welsh Consulting
31 Milk Street, Suite 805
Boston, MA 02109
617-695-9800 Tel
617-695-0350 Fax
[EMAIL PROTECTED]
www.welsh.com
-----Original Message-----
From: Sebastian Vieira Uribe [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 07, 2000 8:17 AM
To: Firewall-1 Mailinglist
Subject: [FW1] Problems with ICMP filtering
Hi,
I am using FW-1 4.0 and i have ICMP disabled as (Before Last) in the
properties dialog.
I have a rule allowing any from one of the internal networks and all
services work from this network except PING. If i try to ping any
address in another network i always get a timeout.
Anyone know what is happening here??
Regards,
Sebastian Vieira
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
