Posted by Observer on August 10, 2004, 3:54 pm
There is something called a "stealth rule", a rule where you make your fw
invisible, meaning it drops all traffic directed to it (except ev. IPsec,
control connections and so on, but these are anyway implied rules at
Checkpoint, so no need to define them explicitly).
> Hello,
>
> I have a checkpoint ng r55. I allow an icmp (all types) connection:
>
> Source      Destination   Service   Action
> 10.1.1.1    20.2.2.2      icmp      permit
>
> The host 10.1.1.1 can ping 20.2.2.2. Okay.
> When host 10.1.1.1 traces the route to 20.2.2.2, it gets a response from
> the firewall internal and external interface!
>
> Host 10.1.1.1> traceroute 20.2.2.2
>
> 10.1.1.1 ok
> firewall_ip ok
> 20.2.2.2 ok
>
> I do not want the hosts to see the firewall ip addresses. Can I
> configure the firewall to drop/reject the icmp (type 8 time exceeded)
> packet to the host??
>
> I have tried to make my own rule:
>
> Source        Destination   Service         Action
> firewall_ip   10.1.1.1      icmp (type 8)   deny
>
> alternative
> any           10.1.1.1      icmp (all types)   deny
>
> The "fw monitor" shows me, that icmp packets type 8 flow from
> firewall_ip to host 10.1.1.1, although I have denied it...
>
> Thanks in advance.
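As an added illustration (not code from this thread and not Check Point's own logic), below is a small Python model of a first-match rulebase and of what a traceroute probe does when its TTL runs out on the firewall: the firewall answers with an ICMP Time Exceeded (type 11) from its own interface address, which is how the hop becomes visible. The firewall interface addresses are constructed, and the model's choices are assumptions rather than product behaviour: the firewall answers from its inbound interface, the "stealth rule" is a drop-anything-addressed-to-the-firewall rule at the top of the rulebase, and the firewall's own replies either bypass the rulebase (what the poster saw with fw monitor) or are inspected, selectable by a flag. Under those assumptions it shows two things a defender would want to check: a rule written for type 8 (echo request) cannot match the type 11 message traceroute relies on, and a stealth rule stops direct probes of the firewall's address but not a transit probe whose TTL expires on it.

```python
from dataclasses import dataclass
from typing import List, Optional, Union

# ICMP message types from RFC 792; traceroute relies on Time Exceeded, not Echo
ICMP_ECHO_REPLY = 0
ICMP_ECHO_REQUEST = 8
ICMP_TIME_EXCEEDED = 11

# Addresses from the post plus constructed firewall interface addresses
HOST = "10.1.1.1"
SERVER = "20.2.2.2"
FW_INTERNAL = "192.0.2.1"      # constructed (RFC 5737 documentation range)
FW_EXTERNAL = "198.51.100.1"   # constructed
FW_ADDRESSES = frozenset({FW_INTERNAL, FW_EXTERNAL})


@dataclass
class Packet:
    src: str
    dst: str
    proto: str                      # "icmp", "tcp", ...
    icmp_type: Optional[int] = None
    ttl: int = 64


@dataclass
class Rule:
    src: Union[str, frozenset]      # one address, a set of addresses, or "any"
    dst: Union[str, frozenset]
    service: str                    # "any", "icmp" (all types) or "icmp:<type>"
    action: str                     # "accept" or "drop"

    @staticmethod
    def _addr_match(spec, addr: str) -> bool:
        if spec == "any":
            return True
        if isinstance(spec, frozenset):
            return addr in spec
        return spec == addr

    def matches(self, pkt: Packet) -> bool:
        if not (self._addr_match(self.src, pkt.src) and self._addr_match(self.dst, pkt.dst)):
            return False
        if self.service == "any":
            return True
        proto, _, sub = self.service.partition(":")
        if proto != pkt.proto:
            return False
        return sub == "" or (pkt.icmp_type is not None and int(sub) == pkt.icmp_type)


def evaluate(rulebase: List[Rule], pkt: Packet) -> str:
    """First matching rule wins; an implicit cleanup rule drops everything else."""
    for rule in rulebase:
        if rule.matches(pkt):
            return rule.action
    return "drop"


def firewall_handle(rulebase: List[Rule], pkt: Packet, inspect_own_replies: bool) -> Optional[Packet]:
    """One hop through the firewall (model assumption: two hops, firewall then server).

    Returns what the probing host gets back: Time Exceeded from the firewall if
    the TTL ran out here, Echo Reply from the server if the probe was forwarded,
    or None if nothing came back.
    """
    if evaluate(rulebase, pkt) == "drop":
        return None                                   # transit probe blocked
    if pkt.ttl - 1 == 0:
        # TTL expired on the firewall: it answers from its own interface address
        reply = Packet(FW_INTERNAL, pkt.src, "icmp", ICMP_TIME_EXCEEDED)
        if inspect_own_replies and evaluate(rulebase, reply) == "drop":
            return None
        return reply
    return Packet(SERVER, pkt.src, "icmp", ICMP_ECHO_REPLY)   # forwarded, server answers


def traceroute(rulebase: List[Rule], inspect_own_replies: bool = False) -> List[str]:
    """Hop list as the probing host would see it ('*' = no answer for that TTL)."""
    hops = []
    for ttl in (1, 2):
        probe = Packet(HOST, SERVER, "icmp", ICMP_ECHO_REQUEST, ttl=ttl)
        reply = firewall_handle(rulebase, probe, inspect_own_replies)
        hops.append(reply.src if reply else "*")
    return hops


def ping_firewall(rulebase: List[Rule]) -> str:
    """Verdict for an echo request sent directly to the firewall's own address."""
    return evaluate(rulebase, Packet(HOST, FW_INTERNAL, "icmp", ICMP_ECHO_REQUEST))


# Rulebases: the post's permit rule, its attempted deny on type 8, and a stealth rule
PERMIT = Rule(HOST, SERVER, "icmp", "accept")
POSTED = [PERMIT]
POSTED_WITH_DENY = [Rule(FW_INTERNAL, HOST, "icmp:8", "drop"), PERMIT]
STEALTH = [Rule("any", FW_ADDRESSES, "any", "drop"), PERMIT]

if __name__ == "__main__":
    print("posted rulebase:", traceroute(POSTED))
    print("deny on type 8, firewall replies bypass rulebase:", traceroute(POSTED_WITH_DENY))
    print("deny on type 8, firewall replies inspected:", traceroute(POSTED_WITH_DENY, True))
    print("stealth rule, direct ping to firewall:", ping_firewall(STEALTH))
    print("stealth rule, traceroute through firewall:", traceroute(STEALTH))
```

Running it shows the firewall's address in the hop list for every rulebase except one that inspects the firewall's own replies and matches them as type 11; the deny on type 8 never matches because the revealing message is not an echo request, and the stealth rule drops the direct ping to the firewall while leaving the transit traceroute untouched.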