Firewall-1

Re: [FW-1] ICMP Packets

Subject: Re: [FW-1] ICMP Packets
From: Lindsay Hill <lindsay.k.hill AT GMAIL DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Thu, 29 Sep 2005 15:29:08 +0100

Normally you would have the global option turned off. You can then
allow any specific ICMP that you do want (e.g. from your monitoring
server) with the use of a normal rule.

If you turn the option on in your global properties, it effectively
just adds another rule. Go View -> Implied Rules to see the rules that
are added. Better to turn it off, and explicitly define the rule
yourself. If the global option is turned off, and you don't have any
rules allowing it, it will be dropped - which is what you want, yes?

 - Lindsay


On 9/29/05, Maurit Pereira Fagundes <MAURIT AT fgv DOT br> wrote:
> Hello all,
>
> In global properties there is an option: Accept ICMP requests. I want to
> avoid that people in internet ping and run the traceroute command against my
> dmz servers.
> What is the better way to do this? Disabling this option in global properties
> or creating a rule base to do this? If I create a rule base I must disable
> this option in rule base?
>
> thanks in advance.
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
>

