Cannot Ping through Checkpoint Firewall-1

[StoneColdDave]

I have a problem with Checkpoint Firewall-1 - Vers.4.1 (running on a Windows NT Platform)


Email Server<---->Firewall-1(A)<---->RouterA<-LES10->RouterB<---->Firewall-1(B)<---->Workstation


I cannot Ping the Email Server from the Workstation. However if I stop the Firewall Service on Firewall-1(A) I find I can ping through. I know what you are thinking, it must be down to a Rule on the Firewall-1(A). But if I change the Firewall Rules to allow everything through on all Interfaces I am still unable to ping the Email Server.

Strangely, if I perform a tracert from the workstation to Email Server it gets through, and after the tracert is performed I find I am able to ping the Email Server. However if I reboot the workstation I find I can no longer ping the Email Server.

I have checked with Firewall-1(A) properties, but I am unable to find anything significant. This problem isn't something that has not just occurred, but has been a problem on site for some time. It's not just the Email Server that cannot be pinged, but everything on the network beyond Firewall-1(A). I can confirm that you can ping Firewall-1(A) from the workstation but no further. Same problem exists for SecuRemote connections coming into Firewall-1(B).

Any ideas or suggestions would be greatly appreciated.

I am considering upgrading the Firewall to NG to try to resolve the problem, but I rather not have to go down that road.

 

[Piloria]

look in global properties and see if accept icmp requests is enabled (set to before last)
then add a rule allowing icmp_requests between sites .