http://www.phoneboy.com/fw1/faq/0066.html
This will give you what to allow in and out. The ICMP services are already defined in the FW-1 services database.

Since ICMP is not a connection-based protocol, you have to explicitly allow inbound and outbound ICMP codes to make ICMP (ping and traceroute, if using ICMP) work.

You still would like to have "Allow ICMP" in properties and keep it as "last Rule" (virtually ineffective rule), but this seems to trigger stateful inspection in older versions of FW. I guess with newer versions of FW stateful inspection of ICMP is there by default, but not sure!

Rajeev
[EMAIL PROTECTED] wrote:
>
> Hi
>
> Is there a way to allow ICMP without using the Properties "Accept ICMP" -
> which allows everyone to use it?
>
> I tried a couple of test rules for the 3 icmp protocols and one for ANY
> service - nothing seemed to work.
>
> TIA
>
> Tim Higgins
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
--
#########################################################################
(Titanic creators used Linux to simulate the sinking of the great ship)
#########################################################################
Rajeev Kumar ([EMAIL PROTECTED])
Fluent Inc. 10, Cavendish Court, Lebanon NH-03766
-------------------------------------------------------------------------
Phone :: (603)-643-2600 x 349 Fax :: (603)-643-3967
Web:: http://www.fluent.com
#########################################################################
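
An added example, not part of either message and not FireWall-1 configuration: a minimal Python model of a stateless ICMP filter, showing that ping and ICMP traceroute need explicit rules in both directions while an outside host still cannot ping in. The networks, addresses and rule layout are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# ICMP type numbers from RFC 792
ECHO_REPLY, DEST_UNREACH, ECHO_REQUEST, TIME_EXCEEDED = 0, 3, 8, 11

INTERNAL = ip_network("10.1.0.0/16")  # constructed internal network (assumption)
ANY = ip_network("0.0.0.0/0")

# (source net, destination net, allowed ICMP types). A packet is accepted if
# any rule matches; everything else is dropped. No state is kept between packets.
RULES = [
    (INTERNAL, ANY, {ECHO_REQUEST}),                             # probes going out
    (ANY, INTERNAL, {ECHO_REPLY, DEST_UNREACH, TIME_EXCEEDED}),  # answers and errors coming in
]

def accept(rules, src, dst, icmp_type):
    """Stateless match of one ICMP packet against the rule list."""
    return any(ip_address(src) in s and ip_address(dst) in d and icmp_type in types
               for s, d, types in rules)

def ping_works(rules, src, dst):
    """Ping needs the echo request one way and the echo reply the other way."""
    return accept(rules, src, dst, ECHO_REQUEST) and accept(rules, dst, src, ECHO_REPLY)

def traceroute_works(rules, src, dst, hop):
    """ICMP traceroute: probes out, time-exceeded back from a hop, echo reply from the target."""
    return (accept(rules, src, dst, ECHO_REQUEST)
            and accept(rules, hop, src, TIME_EXCEEDED)
            and accept(rules, dst, src, ECHO_REPLY))

if __name__ == "__main__":
    inside, outside, router = "10.1.2.3", "192.0.2.10", "198.51.100.1"  # constructed addresses
    print("inside pings outside:     ", ping_works(RULES, inside, outside))
    print("outside pings inside:     ", ping_works(RULES, outside, inside))
    print("outbound rule only:       ", ping_works(RULES[:1], inside, outside))
    print("traceroute from inside:   ", traceroute_works(RULES, inside, outside, router))
```
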