Hello,

I am trying to allow traceroutes, from a management station in my internal network, through Checkpoint's Firewall-1, out to the Internet. My network setup is as follows (btw: the FW-1 is 3.0 VPN):

Internal Network ------ FW-1 ------- Router -------- Internet

Note also that there is a static NAT translation between the internal and external networks. In terms of policies, I did the following:

NAT:
- Everything from the management station inside, going outside, is translated into a valid IP.
- Everything from outside, going to the translated valid IP, is translated back to the real mngmt station internal IP.

Policy:
- All traffic coming from or going to the management station is allowed through the firewall.

But even with these open policies I wasn't able to traceroute from the mngmnt station... The traceroute gets "blind" as soon as it reaches the firewall. The curious thing is that I was able to traceroute from outside to the inside mngmnt station! By the way, my router - as far as I know - is not blocking anything. I also tried to change FW-1's ICMP processing options from first to before last.

Has anybody successfully allowed traceroute through FW-1? Any ideas and/or advice on this problem?

Thanks in advance,
Fábio Rocha
