fw ctl get int fw_icmp_redirects
checks the current value of the setting.

fw ctl set int fw_icmp_redirects 1
turns redirects on.

You now need to set a registry key on the firewall so that the change is permanent:

1. Under registry key "HKLM\System\CurrentControlSet\Services\FW1\Parameters", create a new key named "Globals".
2. Create a "DWORD Value" and assign a parameter name under that key.
3. Modify new "<parameter name>" and set desired value data in "Edit DWORD Value" field.
4. Select "Hexadecimal or Decimal" for value.
5. Exit regedit.

See articles sk27117 and sk25826 at https://secureknowledge.checkpoint.com/sk/login/login.jsp for more information.

There must also be a rule that allows ICMP traffic, otherwise the firewall won't respond.

Having said all that, I found that it was easier to use the Windows logon scripts to do a "route add etc etc" and point to the alternative gateway rather than rely on the ICMP redirects (which works but is a pain in the rear).

Hope this helps.

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Nico De Ranter
Sent: Friday, 10 June 2005 7:51 PM
To: [email protected]
Subject: [FW-1] How to allow ICMP redirect

Hi,

how do I allow the firewall (NG R55) to send ICMP redirects?

One of my firewalls acts as a default gateway for a local network ('A'). On that network is a second router which connects to network 'B'. Since the clients on network A only know the default gateway they rely on ICMP redirects to access network B. However these are getting blocked with the message 'ICMP redirect packets are not allowed' without any specification of the rule number.

Any idea where I can turn this behaviour off?

Nico

--
---------------------------------------------------------
"It has been said that there are only two businesses that refer to customers as users: illegal drug trade and the computer industry."
---------------------------------------------------------
Nico De Ranter
Senior System Administrator
Sony Service Center (NSCE)
The Corporate Village, Da Vincilaan 7-D1
B-1935 Zaventem, Belgium
Telephone: +32 (0)2 700 86 41
Fax: +32 (0)2 700 86 22

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
