Re: Checkpoint FW-1 and linux Freeswan VPN problem

> I have checked the rules on both sides, all is OK, but when I tried to ping the
> public IP address of the Linux FreeS/WAN, it seems that Checkpoint is trying to build a VPN to reach this public IP address, so the pings are lost...

Have you checked your Implicit Rules for the enforcement module? By default Checkpoint disables ICMP traffic through the firewall, and it must be enabled.

Dave


Well, apparently it is not that: first because the remote network can reach our network, and because I have set a rule that permits local hosts to send ICMP requests.

I just don't see why the Checkpoint tries to build a second VPN when I try to ping the remote firewall's public address. Is there a way to see why this public address is routed through the VPN and not through the Internet interface?

Thanks for your help

Julien

"Dave Gresham" wrote in message news:4060550c$0$172$ snipped-for-privacy@newsreader.visi.com...


The simplest explanation is that CP does as its policy database states, i.e. all traffic to the public address goes through a VPN. Since ICMP doesn't match any existing SA for TCP or UDP, CP tries to create a new one.

Check the rule base once more. I'm not familiar with the details of the CP user interface, but if the rule to VPN all packets comes before a rule that passes ICMP, the former rule probably overrules the latter...

-- Lassi

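The ordering point Lassi makes above can be checked mechanically. The following is an added example, not code from the thread or from Checkpoint: it models a top-down, first-match rule base and shows why an ICMP packet to the peer gateway's public address hits an "encrypt" rule before it ever reaches the ICMP accept rule. All addresses are constructed (RFC 5737 documentation space and private ranges), and it assumes, as Lassi's explanation implies, that the remote VPN destination (what Checkpoint calls the encryption domain) was defined to include the peer gateway's own public address. It goes slightly beyond the thread by showing both fixes: putting a more specific clear-text rule above the VPN rule, or taking the gateway address out of the VPN destination.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Sequence


@dataclass(frozen=True)
class Rule:
    """One line of a top-down, first-match rule base."""
    name: str
    src: Sequence[str]    # CIDR networks
    dst: Sequence[str]    # CIDR networks
    service: str          # "any" or a service name such as "icmp"
    action: str           # "accept", "drop" or "encrypt"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    service: str


def _in_any(addr: str, nets: Sequence[str]) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(n) for n in nets)


def matches(rule: Rule, pkt: Packet) -> bool:
    return (_in_any(pkt.src, rule.src)
            and _in_any(pkt.dst, rule.dst)
            and rule.service in ("any", pkt.service))


def first_match(rules: Sequence[Rule], pkt: Packet) -> Optional[Rule]:
    """Top-down evaluation: the first matching rule decides.
    None stands for the implicit cleanup drop at the end of the base."""
    for rule in rules:
        if matches(rule, pkt):
            return rule
    return None


def candidate_rules(rules: Sequence[Rule], pkt: Packet) -> List[str]:
    """Every rule that could match the packet, in order.
    All but the first are shadowed for this packet."""
    return [r.name for r in rules if matches(r, pkt)]


def decision(rules: Sequence[Rule], pkt: Packet) -> str:
    r = first_match(rules, pkt)
    return f"{r.action} via {r.name}" if r else "drop via implicit cleanup"


# Constructed topology (not from the thread).
LOCAL_NET = "10.1.0.0/24"
REMOTE_NET = "10.2.0.0/24"
REMOTE_GW_PUBLIC = "198.51.100.7"      # peer gateway's public address, constructed
INTERNET = "0.0.0.0/0"

# Assumption: the remote VPN destination was defined to include the peer's own public address.
REMOTE_DOMAIN_WITH_GW = [REMOTE_NET, REMOTE_GW_PUBLIC + "/32"]
REMOTE_DOMAIN_HOSTS_ONLY = [REMOTE_NET]

# The situation described in the thread: VPN rule first, ICMP accept rule after it.
ORIGINAL = [
    Rule("vpn-to-remote", [LOCAL_NET], REMOTE_DOMAIN_WITH_GW, "any", "encrypt"),
    Rule("allow-icmp-out", [LOCAL_NET], [INTERNET], "icmp", "accept"),
]

# Fix 1: a more specific clear-text rule for the gateway address placed above the VPN rule.
REORDERED = [
    Rule("allow-icmp-to-gw", [LOCAL_NET], [REMOTE_GW_PUBLIC + "/32"], "icmp", "accept"),
] + ORIGINAL

# Fix 2: keep the order, but take the gateway's public address out of the VPN destination.
DOMAIN_FIXED = [
    Rule("vpn-to-remote", [LOCAL_NET], REMOTE_DOMAIN_HOSTS_ONLY, "any", "encrypt"),
    Rule("allow-icmp-out", [LOCAL_NET], [INTERNET], "icmp", "accept"),
]

PING_GW = Packet("10.1.0.5", REMOTE_GW_PUBLIC, "icmp")     # ping the peer's public address
PING_REMOTE_HOST = Packet("10.1.0.5", "10.2.0.9", "icmp")  # ping a host behind the peer

if __name__ == "__main__":
    for label, rb in (("original", ORIGINAL), ("reordered", REORDERED), ("domain fixed", DOMAIN_FIXED)):
        print(f"{label:13s} ping gw   -> {decision(rb, PING_GW)}; "
              f"candidates={candidate_rules(rb, PING_GW)}")
        print(f"{label:13s} ping host -> {decision(rb, PING_REMOTE_HOST)}")
```

With the original ordering the ping to the gateway matches the encrypt rule, so the firewall negotiates a tunnel to reach a host that is the tunnel endpoint itself; the ICMP rule is listed as a candidate but is shadowed. Either fix makes the gateway ping go out in the clear while pings to hosts behind the peer are still encrypted.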

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.