ICMP Problem

[DotNetNewbie]

Dear all,

I am hoping someone can help before I remove the last of my hair!

We've recently purchased checkpoint as a replacement to our old firewall.

I had a consultant come in and do the basic configuration and installation for me as I had also never used the SPLAT element before.

So far so good.....however...

I am trying to make sure our WAN is visible via the new firewall, however when I attempt to ping one of the routers at another location (having the firewall as my default gateway) i see the following:

Dropped:

ICMP: Host Redirect; ICMP Type 5; ICMP Code 1; message_info: ICMP redirect packets are not allowed

Allowed:

service_id: echo-request; ICMP: Echo Request; ICMP Type 8; ICMP Code: 0

Any ideas on what I need to change; either general settings wise or rule wise?

Many thanks in advance.

.Net

 

[DC2006]

This doesn't necessarily mean that the remote sites aren't visible. The Firewall is simply saying that it's not gonna tell your workstation how to get to these remote networks because ICMP redirects are disabled. I would approach it from another angle and try pinging the remote networks from the firewall itself.. Unfortunately, I don't know Splat so I can't help, I wouldn't disable this function anyway to be honest because it's a global change, not just an interface change.

Darren Campbell
Technical Design Architect

 

[ssanjeevi]

What is the result if you try to ping from the Firewall itself?