- Products
- Learn
- Local User Groups
- Partners
-
More
Celebrate the New Year
With CheckMates!
Value of Security
Vendor Self-Awareness
Join Us for CPX 360
23-24 February 2021
Important certificate update to CloudGuard Controller, CME,
and Azure HA Security Gateways
How to Remediate Endpoint & VPN
Issues (in versions E81.10 or earlier)
Mobile Security
Buyer's Guide Out Now
Important! R80 and R80.10
End Of Support around the corner (May 2021)
We are dropping icmp traffic, in tracker says "ip option: 131, message_info: Forbidden IP Option". How to I allow this traffic. This is R74.47 GAIA. Thanks.
I assume you mean R75.47
Solution is described in the following SK: “Forbidden IP option” drop log in SmartView Tracker for ICMP packets with IP Options
Yes, typo, meant R75.47 GAIA. I saw that SK article but don't quite understand, could you explain? Thanks.
The TL;DR: We block packets with IP Options by default.
To allow ICMP packets with IP Options to pass, you need to change the kernel variable described in the SK.
This will allow the packets to pass.
Sorry my England is not great. I follow sk but doesn't seem to be working. Can you give me the commands you would use to do this? Thanks.
The exact commands are documented in the SK.
If you're having issues, I recommend engaging with our TAC: Contact Support | Check Point Software
I am not sure if TAC will take a ticket on R75.47 anymore.
It is unsupported for while now.
"Best effort" support for sure but the process described in the SK is fairly generic.
About CheckMates
Learn Check Point
Advanced Learning
WELCOME TO THE FUTURE OF CYBER SECURITY