hello
i would like to allow icmp and traceroute between 2 networks on either side of my firewall. I am wondering if i have to turn on "Accept ICMP Before Last" in the policy properties, because obviously one of the hops from subnet to subnet will be the firewall interfaces on both sides. i have found that if i uncheck "Accept ICMP" in the policy, i get timeout marks like this: * * * when the traffic hits the firewall. I don't want to keep this on unless i have to. any ideas? Can't I just have "Accept ICMP" unchecked and put in explicit ping rules? thanks :) -Sa _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
