Hello list!
I have a Firewall-1 NG with Application Intelligence running on W2K3. I
need to redirect some hosts to a Cisco router on the LAN port. I have
set fw_icmp_redirects to 1 and set the registry key as per sk27117 and
sk25826 and run "fw ctl set int fw_icmp_redirects 1". I also have a rule
permitting all traffic from the LAN to the gateway (which I think is
probably unnecessary). I also have a permanent route: "route add -p
x.x.x.x mask 255.255.255.255 10.1.1.2". So it looks to me like
everything is in place for ICMP redirects to work, but they don't. When
I try a tracert to the remote host, either from the firewall system or
the LAN, the pings time out. I would expect to see the pings hit the
firewall Ethernet port then the Cisco router Ethernet port. The pings
hit the firewall Ethernet port, but never the Cisco.
Any thoughts?
Thanks,
Duncan