Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
pizzaprophet
Participant
Jump to solution

Gaia 81.10/Quantum 6200: Can I drop ICMP redirect packets without logging?

My firewall gets a lot of ICMP requests that are dropped (reason: ICMP redirect packets are not allowed). Is it possible to have them dropped without logging?

0 Kudos
1 Solution

Accepted Solutions
G_W_Albrecht
Legend Legend
Legend

Yes, see https://support.checkpoint.com/results/sk/sk112772 for allowing ICMP redirect packets - then an Access policy as suggested by PhoneBoy will work!

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

View solution in original post

5 Replies
PhoneBoy
Admin
Admin

Yes you should be able to create an Access Policy rule that does this.
The Track field for this rule should contain “None.”

0 Kudos
pizzaprophet
Participant

seems like this doesn't work. ICMP rediret packets are dropped (and logged) before my policies are applied?

0 Kudos
PhoneBoy
Admin
Admin

What precise rule is it logging on?
If it's Rule 0, check the Implied Rules in Global Properties.


image.png

0 Kudos
pizzaprophet
Participant

It's not an implied rule. See the screenshot in my first post, it says "Policy Name: Standard", and no rule number

0 Kudos
G_W_Albrecht
Legend Legend
Legend

Yes, see https://support.checkpoint.com/results/sk/sk112772 for allowing ICMP redirect packets - then an Access policy as suggested by PhoneBoy will work!

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events