Tracert Not Working 2

[gslee]

I just moved off of a managed firewall to an in-house firewall. All seems to be working fine except for route tracing. When I perform a tracert

http://www.xxx.com

(ip address) my first hop is my core switch and the second is my internal interface of my firewall. I then get asterisks, Request timed out, from hop 3 to 30 and at the end it says Trace Complete even though it didn't actually complete. In the Logviewer I see one entry at about hop 20 where the icmp is accepted to the

http://www.xxx.com

resolved IP address. The rule is 9 which allows any internal source to use icmp-proto and icmp-requests along with other services to go out the firewall. Any ideas what is wrong?
Nokia IP530\Check Point NG FP2\ NT40 Management Station

 

[Piloria]

This is a quirk of FP2
it is solved by later fixes

 

[t101]

Have you tried looking at the CP firewall logs to see what protocols/ports are getting denied. Do a tracert and then grab the log excerpt. You probably need to define some rules to allow ICMP packets out of the internal interface. By default ICMP outbound is denied as far as I can tell.

 

[t101]

Nevermind, I re-read your post and realize you _have_ already checked the logs and rule...must be as Piloria says...