Anders,
I've always found that to get ICMP to work through the box, it must be explicitly
labeled somewhere. No luck on the any rule. I would guess that this behavior is to
make sure that IF you want to allow ICMP that you use the limited ICMP of the
firewall (type 3 and type 8) not 11, 14, etc.
HTH,
CT
"Reed Mohn, Anders" wrote:
> For testing purposes, I added a rule like this, at the top of my rulebase
> (rule nr. 2):
>
> Src: external test-pc
> Dest: internal server
> Service: Any
> Action: Allow
>
> However, when I tried traceroute or ping from the test machine,
> the packets were blocked by this rule (rule nr. 15):
>
> Src: Any
> Dest: internal netw.
> Service: Any
> Action: Reject
>
> I then tried changing the test-pc rule to allow instead of reject. Same
> thing happened.
> Rebooted.. same thing again.
>
> ???????????????
>
> Could this be related to my recent 4.1 SP2 upgrade?
>
> Cheers,
> Anders :)
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================