Can you please include what the exact reason for the drop is?

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Tuesday, May 02, 2006 4:42 AM
To: [email protected]
Subject: [FW-1] VPN without implied rules

Hi,

I have a VPN Site-To-Site setup with NG AI HFA17 ClusterXL. I would like to disable all "implied rules" and allow only the firewalls to communicate between them and do key exchange (IKE), which is defined in the first rule.

When the implied rules are checked, the VPN key exchange is working fine. When I remove the implied rules and add two rules as the first rules:

  1. from Firewall-Cluster Object, to ANY, service IKE, accept, log
  2. from ANY, to Firewall-Cluster Object, service IKE, accept, log

the firewall rejects the packet of the key exchange with rule 0. What can I do to make it accept it?

Thanks
doehni

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
