Solved: Re: Want to block ICMP request for externel IP's. - Check Point CheckMates

Maestro Masters
Round Table session with Maestro experts

WATCH NOW

We are observing PING is reachable to all external IPs that is being destination NATed even though ping is not allowed in their respective policy.The IP's which we add in ARP from webui. Externel user able to ping those IP's. We want to block the icmp request for specifcally those IP's.

1 Solution

Accepted Solutions

I was thinking a rule along the lines something like below:

src -> internal networks (NEGATE), so its everything EXCEPT internal nets

dst -> firewall(s)

service -> whatever needed

action -> block

Andy

View solution in original post

5 Replies

How are the corresponding ICMP options in Global properties currently configured?

CCSM R77/R80/ELITE

Currently, it's unchecked for another reason. Is it connected to this issue?

I was thinking a rule along the lines something like below:

src -> internal networks (NEGATE), so its everything EXCEPT internal nets

dst -> firewall(s)

service -> whatever needed

action -> block

Andy

Thanks for your response, sir. We have already done it to ignore the problem.

Good job!

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

User

Count

5

2

2

2

2

2

1

1

1

Upcoming Maestro Events

CheckMates Events