I would think that specifically allowing the echo-reply is not needed (state table) Can someone smarter than I confirm or deny this?
Mitchell > You to need to do a few things. Uncheck in global properties Accept ICMP > requests. Create two rules, one inbound and one outbound with the > following rules > > Sourece Destination service > Any object-to-ping echo-request > Object-to-ping any echo-reply > > > This gives you a better control over what can be pinged and what can > not. If you have a stealth rule for your firewall then the rules > mentionned above need to be before the stealth rule. If you control the > internet router then make sure you have no access-lists blocking > outgoing pings. Other than that nothing else would stop you from pinging > unless you have rule somewhere that prevents you. > > -----Original Message----- > From: Mailing list for discussion of Firewall-1 > [mailto:[EMAIL PROTECTED] On Behalf Of v.r > Sent: Thursday, April 03, 2003 4:29 AM > To: [EMAIL PROTECTED] > Subject: [FW-1] Interface Ping > > > Hello, > > Iam using NG Fp3.When iam pinging the external > interface from a internet ping website, my external > interface is accepting the ping but not giving the > response. > > there are no antispoofing configuration specified. In > the global, ICMP is accepted. the default gateway for > the firewall at the external side is pingable from the internet. > > do i need to add the echo reply also to get the ping > response at the external interface?? > > thanks, > v.r > > ________________________________________________________________________ > Missed your favourite TV serial last night? Try the new, Yahoo! TV. > visit http://in.tv.yahoo.com > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > > Mitchell Rowton http://www.attackprevention.com ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
