Did you choose "REJECT" or "DROP" in the action field of your rulebase? You must choose "DROP" to hide you opened services.
Hope it helps... -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED]]On Behalf Of Roan, Wayne Sent: Wednesday, January 09, 2002 3:10 PM To: [EMAIL PROTECTED] Subject: [FW-1] Port Scan I have two Checkpoint Firewalls 4.1 setup, I only allow certain protocols through (ftp, http) for static NATs. But when I port scan those NATs from the outside world, you can see all available ports but can only connect to them with the specified protocols. I allow ICMP traffic, is port scan a result of allowing ICMP traffic or am I missing something? Thanks, Wayne Roan Information Technology ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
