This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
DanielJavier
Participant
‎2025-05-30 10:55 AM

Limit ICMP


Hi guys

Some firewall settings may cause a certain packet size to not pass through the ping.
for example:
Ping 8.8.8.8 -l 1000 Passes
Ping 8.8.8.8 -l 4000 Does not pass

I've attached a test image.Ping.PNG

0 Kudos
5 Replies
Duane_Toler
Advisor
‎2025-05-30 11:07 AM

#WorksForMe 😕

--
Ansible for Check Point APIs series: https://www.youtube.com/@EdgeCaseScenario and Substack
Preview file
190 KB
0 Kudos
Lloyd_Braun
Advisor
‎2025-05-30 01:35 PM

check your IPS core protections for "max ping size" - I am seeing a default of 2500 bytes if it is enabled.

0 Kudos
Duane_Toler
Advisor
‎2025-05-30 01:37 PM
In response to Lloyd_Braun

Oh, that's different. 😆  I thought you were trying to report some other issue.

--
Ansible for Check Point APIs series: https://www.youtube.com/@EdgeCaseScenario and Substack
0 Kudos
Lloyd_Braun
Advisor
‎2025-05-30 01:47 PM
In response to Duane_Toler

4fakj6

😁

0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2025-05-31 12:21 PM

There are actually two protections that can limit the size of pings:

  • Core Activation: Large Ping Size (default limit 2500 bytes)
  • ThreatCloud Protection: Max Ping Echo Reply Size (default limit 512 bytes)

To make things even more confusing the first is one of the fixed 39 Core Activations, while the other one is part of the much more numerous (and always growing) ThreatCloud Protections.  The main thing to watch out for is they are controlled by their own profiles and exceptions, so adding a standard Threat Prevention exception will only apply to the second protection and not the first.  Core Activations have their own separate set of exceptions (and better yet so do the 146 Inspection Settings).

The differences between working with Core Activations vs. IPS ThreatCloud protections is a major source of confusion, and nicely covered by the Check Point Threat Prevention Specialist (CTPS) course available from ATCs worldwide.

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events