Hello,
I have a Check Point NG R55. I allow an ICMP (all types) connection:
Source      Destination  Service  Action
10.1.1.1    20.2.2.2     icmp     permit

The host 10.1.1.1 can ping 20.2.2.2. Okay. When host 10.1.1.1 traces the route to 20.2.2.2, it gets a response from the firewall internal and external interface!

Host 10.1.1.1> traceroute 20.2.2.2
10.1.1.1 ok firewall_ip ok 20.2.2.2 ok

I do not want the hosts to see the firewall IP addresses. Can I configure the firewall to drop/reject the ICMP (type 8 time exceeded) packet to the host?
I have tried to make my own rule:

Source       Destination  Service           Action
firewall_ip  10.1.1.1     icmp (type 8)     deny

Alternative:

Source       Destination  Service           Action
any          10.1.1.1     icmp (all types)  deny

The "fw monitor" shows me that ICMP type 8 packets flow from firewall_ip to host 10.1.1.1, although I have denied it...
Thanks in advance.