We might be having an MTU discovery problem, and I remember reading about this in the paper at: www.feelabs.com/~whitis/isp_mistakes.html Is there a predefined FW-1 icmp service which allows ICMP "too big" messages so that I can make sure I'm not breaking PMTU discover??? Background info: We have been allowing a customers to ping a server on our site by allowing src=Any, dest=their server, service=icmp "echo-request" and allowing src=Any, dest=Any, service=icmp "echo-reply", "dest-unreach", "time-exceeded". Thanks in advance for your help! -- DH ________________________________________________________________________ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
