Pinging can be very dangerous (ping of death, etc.) but the PIX has built-in security features. To enable it, use an ACL to permit ICMP. I don't recommend it from the internet.

-----Original Message-----
From: Harry Whitehouse [mailto:harry@envmgr.com]
Sent: Monday, July 30, 2001 3:17 PM
To: Firewalls LIST
Subject: PIX 520 Firewall -- Enabling Ping for Servers behind firewall?

We have a few servers behind our PIX520 with conduits which allow port 80 and 443 traffic only. We have a static NAT mapping.

Right now, the firewall is configured to prevent "pinging" the servers behind the firewall. Some of our tech support folks have asked if we could enable this so they could work with customers to confirm connectivity from their ISP to our system.

1. From a security standpoint, is there any downside to permitting ping?

Of less importance...

2. Anyone recall off the top of their head how to enable this in the PIX config?

TIA

Harry

_______________________________________________
Firewalls mailing list
Firewalls@lists.gnac.net
http://lists.gnac.net/mailman/listinfo/firewalls