If you're using DROP ALL as your last rule, you should set
"Accept ICMP before last" .. not LAST ..
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 07, 2000 9:17 AM
To: [EMAIL PROTECTED]
Subject: [FW1] "Stateful" icmp inspection
Has anyone experienced unstateful icmp inpection on CPv4.1?
We have "accept ICMP Last" & "Accept Outgoing... before last", but yet
the icmp replies get dropped when pinging from the Firewall itself by
the last "drop all" rule. Do I need to explicitly allow the return
packets?
Thanks,
Ken
*******************************************************************
This communication is confidential and is intended for use only by
the addressee. Jardine Fleming accepts no responsibility for any
mistransmission of, or interference with, this communication.
*******************************************************************
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
