The PhoneBoy Blog

Simplifying Telecom, Mobile Phones, Gadgets, Health, and More!

FireWall-1 FAQ: SecuRemote and Ping

Please note: This content was from when I was operating my FireWall-1 FAQ site, which I stopped operating in August 2005. For some reason people still have links to this stuff on the Internet that people are still clicking on.

I am making this information available again AS IS. Given how old this information is, it is likely wildly inaccurate. I have no plans to update this information.

If you're still running versions of Check Point VPN-1/FireWall-1 where this information is still relevant to you, do yourself a favor and upgrade to a more recent release. If you happen to be running a current release and the information is useful, it's by happenstance :)

Versions of FireWall-1 prior to 3.0 did not support encrypting and NATting ICMP packets simultaneously. Version 3.0 of FireWall-1 supports this, but the default is the backward-compatible mode. Version 4.0 of SecuRemote also supports this, but it’s default is the new mode.

This issue can be resolved in one of two ways:

  • On the client side in userc.set, change icmpcryptver from 1 to 0
  • On the management console in $FWDIR/conf/objects.C, change icmpcryptver from 0 to 1

#Cybersecurity Evangelist, Podcaster, #noagenda Producer, Frequenter of shiny metal tubes, Expressor of personal opinions, and of course, a coffee achiever.