If I'm not mistaken, that would be because
even if you do allow outbound ICMP, the
ICMP replies aren't getting back.
ICMP is not connection oriented, thus there is
no "session" for FW-1 to check against.

Anders :)

> -----Original Message-----
> From: Haydock Paul [mailto:[EMAIL PROTECTED]]
> Sent: 30. august 2000 15:44
> To: '[EMAIL PROTECTED]'
> Subject: [FW1] ICMP outbound only
> 
> 
> 
> I have read the article on Phoneboy's website regarding
> outbound only ICMP.
> 
> I am currently running version 4.0 sp3 on 4 Nokia 440's.
> 
> I have set ICMP to 'Last' in rule zero (properties) and then added the
> following rule :-
> 
> Internal-networks    -     any    -     icmp-echo & traceroute     allow
> 
> I am still unable to ping any devices on any of my dmz's or the outside
> world.
> 
> If I try to trace to a device the trace stops at the Firewall's nearest
> interface.
> 
> Nothing shows in my logs however.
> 
> I am at a loss as to any explanation.  Please help.
> 
> Regards,
> 
> Paul Haydock
> Network Analyst - Infrastructure Department
> 020 7337 3934
> 
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================
> 
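
Added illustration of the point made in the reply above (not code from the thread, from Phoneboy, or from Check Point): a simplified packet-filter model showing why an outbound-only echo rule passes the request but drops the reply, and how a filter can instead pair each reply with an outstanding request by identifier and sequence number. The addresses, class names and function names are constructed, and this is not how FW-1 itself is implemented.

```python
from dataclasses import dataclass

ECHO_REQUEST, ECHO_REPLY = 8, 0  # ICMP type numbers from RFC 792


@dataclass(frozen=True)
class Icmp:
    src: str
    dst: str
    type: int
    ident: int  # echo identifier
    seq: int    # echo sequence number


def is_internal(ip):
    # Assumption for this example: 10.0.0.0/8 is the internal network.
    return ip.startswith("10.")


def stateless_filter(pkt):
    """Single rule: internal -> any, echo request. No rule matches a reply."""
    return is_internal(pkt.src) and pkt.type == ECHO_REQUEST


class EchoTracker:
    """Remembers outstanding echo requests so only the matching reply returns."""

    def __init__(self):
        self.pending = set()

    def allow(self, pkt):
        if pkt.type == ECHO_REQUEST and is_internal(pkt.src):
            self.pending.add((pkt.src, pkt.dst, pkt.ident, pkt.seq))
            return True
        if pkt.type == ECHO_REPLY:
            key = (pkt.dst, pkt.src, pkt.ident, pkt.seq)  # reversed direction
            if key in self.pending:
                self.pending.discard(key)  # one reply per request
                return True
        return False  # unsolicited or unrelated ICMP is dropped


def run(decide, packets):
    return [decide(p) for p in packets]


# Constructed sample traffic (documentation address ranges).
REQUEST = Icmp("10.1.1.5", "192.0.2.9", ECHO_REQUEST, 0x4242, 1)
REPLY = Icmp("192.0.2.9", "10.1.1.5", ECHO_REPLY, 0x4242, 1)
UNSOLICITED = Icmp("192.0.2.66", "10.1.1.5", ECHO_REPLY, 0x9999, 7)
TRAFFIC = [REQUEST, REPLY, UNSOLICITED]

if __name__ == "__main__":
    print("stateless:", run(stateless_filter, TRAFFIC))
    print("tracked:  ", run(EchoTracker().allow, TRAFFIC))
```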

