Thanks Lindsay.
Yes, it is what I want. But what is the best practice recommended for this issue?
I read that blocking ICMP traffic is sometimes not very good because of UDP
traffic. Is this true?
I don't want people on the internet pinging my web servers.
Thanks again to all.
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On behalf of Lindsay
Hill
Sent: Thursday, September 29, 2005 11:29
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] ICMP Packets
Normally you would have the global option turned off. You can then
allow any specific ICMP that you do want (e.g. from your monitoring
server) with the use of a normal rule.
If you turn the option on in your global properties, it effectively
just adds another rule. Go View -> Implied Rules to see the rules that
are added. Better to turn it off, and explicitly define the rule
yourself. If the global option is turned off, and you don't have any
rules allowing it, it will be dropped - which is what you want, yes?
- Lindsay
On 9/29/05, Maurit Pereira Fagundes <MAURIT AT fgv DOT br> wrote:
> Hello all,
>
> In global properties there is an option: Accept ICMP requests. I want to
> stop people on the internet from pinging and running the traceroute command
> against my DMZ servers.
> What is the better way to do this? Disabling this option in global properties
> or creating a rule base to do this? If I create a rule base, must I disable
> this option in rule base?
>
> Thanks in advance.
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
>