Celebrate the New YearWith CheckMates!
Value of SecurityVendor Self-Awareness
Join Us for CPX 36023-24 February 2021
Important certificate update to CloudGuard Controller, CME,and Azure HA Security Gateways
How to Remediate Endpoint & VPNIssues (in versions E81.10 or earlier)
Mobile SecurityBuyer's Guide Out Now
Important! R80 and R80.10End Of Support around the corner (May 2021)
We are dropping icmp traffic, in tracker says "ip option: 131, message_info: Forbidden IP Option". How to I allow this traffic. This is R74.47 GAIA. Thanks.
I assume you mean R75.47
Solution is described in the following SK: “Forbidden IP option” drop log in SmartView Tracker for ICMP packets with IP Options
Yes, typo, meant R75.47 GAIA. I saw that SK article but don't quite understand, could you explain? Thanks.
The TL;DR: We block packets with IP Options by default.
To allow ICMP packets with IP Options to pass, you need to change the kernel variable described in the SK.
This will allow the packets to pass.
Sorry my England is not great. I follow sk but doesn't seem to be working. Can you give me the commands you would use to do this? Thanks.
The exact commands are documented in the SK.
If you're having issues, I recommend engaging with our TAC: Contact Support | Check Point Software
I am not sure if TAC will take a ticket on R75.47 anymore.
It is unsupported for while now.
"Best effort" support for sure but the process described in the SK is fairly generic.
