[FW-1] ICMP and MTU path discovery
Hello there,

I have a question about what ICMP types to let through the FW.

To let hosts from outside find out the MTU for a connection through our FW, we have to let some ICMP services pass through, especially ICMP type 3, code 4 (Fragmentation needed but DON'T FRAGMENT bit set). This one is needed to let a host know it has to make his MTU size smaller for this connection.

In FW-1 4.1 the "ICMP-DEST-UNREACHABLE" service is defined. Am I correct in assuming that this includes every type 3 ICMP packet? Including:

  3     Destination unreachable.
  3 0   Net unreachable.
  3 1   Host unreachable.
  3 2   Protocol unreachable.
  3 3   Port unreachable.
  3 4   Fragmentation needed and DF set.
  3 5   Source route failed.

If this is the case, then: can I define a service for ICMP type 3, code 4 separately? Is there any harm in letting every code of type 3 through?

Thanks in advance,

Lupinum, Netherlands
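As an added illustration (not part of the original post, and not FW-1 configuration), this Python sketch shows what a filter has to read to tell type 3, code 4 apart from the other codes listed above: the type and code bytes, plus the next-hop MTU that RFC 1191 carries in the message. The function names and the sample packets are constructed for this example.

```python
import struct

# ICMP type 3 (Destination Unreachable) codes as listed in the post.
DEST_UNREACH_CODES = {
    0: "Net unreachable", 1: "Host unreachable", 2: "Protocol unreachable",
    3: "Port unreachable", 4: "Fragmentation needed and DF set",
    5: "Source route failed",
}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; returns 0 over a message whose checksum is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def classify_icmp(msg: bytes) -> dict:
    """Parse an ICMP message (IP header already stripped) and flag PMTUD replies."""
    if len(msg) < 8:
        raise ValueError("ICMP message shorter than its 8-byte header")
    icmp_type, code, _cksum, _unused, mtu = struct.unpack("!BBHHH", msg[:8])
    result = {"type": icmp_type, "code": code, "name": None,
              "checksum_ok": inet_checksum(msg) == 0,
              "pmtud": False, "next_hop_mtu": None}
    if icmp_type == 3:
        result["name"] = DEST_UNREACH_CODES.get(code, "other type 3 code")
        if code == 4:
            # RFC 1191 puts the next-hop MTU in the low 16 bits of the second
            # header word; routers predating it leave the field 0.
            result["pmtud"] = True
            result["next_hop_mtu"] = mtu
    return result

def build_sample(code: int, mtu: int = 0) -> bytes:
    """Constructed type 3 message quoting a made-up IP header + 8 TCP bytes."""
    quoted = bytes.fromhex("450005dc0001400040060000c0000201c6336402"
                           "0400005000000001")
    body = struct.pack("!BBHHH", 3, code, 0, 0, mtu) + quoted
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

if __name__ == "__main__":
    for sample in (build_sample(4, 1400), build_sample(3), build_sample(1)):
        r = classify_icmp(sample)
        verdict = "needed for path MTU discovery" if r["pmtud"] else "not PMTUD"
        print(r["type"], r["code"], r["name"], r["next_hop_mtu"], verdict)
```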