Check Point VPN-1/FireWall-1

ICMP (Ping) doesn't work sometimes...


AERAsec Network Services and Security GmbH

Platform:  Any platform for Check Point NG
Product: Check Point Next Generation FP3 and newer
Problem: On NG FP3, a ping that the rule base allows passes the firewall when it is sent from e.g. Microsoft Windows, but the same ping sent with the ping command of a router is blocked by FireWall-1.
Workaround/Fix:

SmartDefense limits the size of a ping.
In NG FP3 the maximum ping size is set to 64 bytes by default, so pings that a router sends with 100 bytes are blocked.
To avoid this problem, raise the limit in SmartDefense - IP and ICMP - MaxPingSize to 128 bytes or more. The maximum ping size according to "best practice" is 548 bytes. After changing the value and installing the rule base, pings should work as expected.
This problem has been fixed in NG AI, where the default size is 548 bytes.
If monitoring tools such as IBM Tivoli still have problems, the ping size limit may need to be increased further.
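The following script is an added example, not code from AERAsec or from Check Point. It builds ICMP echo requests with the payload sizes that typical senders use, parses them back with a checksum check, and applies a MaxPingSize limit to show why a 64-byte limit passes a Windows ping but drops a router ping, and why 128 bytes or more lets both through. Two things are assumptions rather than page content: the limit is compared against the ICMP message length (8-byte header plus payload), which is the reading under which the page's 64-byte and 100-byte figures fit together, and the per-sender payload sizes (Windows ping -l default 32, Unix ping -s default 56, router 100) are constructed sample values.

```python
"""Added example: reason offline about a SmartDefense MaxPingSize limit.

Assumptions (not stated on the page):
  * the limit is compared against the ICMP message length, i.e. the 8-byte
    ICMP header plus the echo payload; adjust ping_allowed() if your
    gateway measures a different length.
  * SAMPLE_SENDERS holds constructed payload sizes for typical clients.
"""
import struct

ICMP_ECHO_REQUEST = 8
ICMP_HEADER_LEN = 8

# Limits named on the page: NG FP3 default and the NG AI / "best practice" value.
MAX_PING_SIZE_FP3 = 64
MAX_PING_SIZE_AI = 548


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over the whole ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo_request(ident: int, seq: int, payload_len: int) -> bytes:
    """Return a complete ICMP echo request with a valid checksum."""
    payload = bytes(i & 0xFF for i in range(payload_len))
    header = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    header = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, csum, ident, seq)
    return header + payload


def parse_icmp(message: bytes) -> dict:
    """Decode an ICMP message and verify its checksum (raises on mismatch)."""
    if len(message) < ICMP_HEADER_LEN:
        raise ValueError("ICMP message too short")
    icmp_type, code, _csum, ident, seq = struct.unpack(
        "!BBHHH", message[:ICMP_HEADER_LEN])
    # A valid message checksums to zero when the checksum field is included.
    if icmp_checksum(message) != 0:
        raise ValueError("bad ICMP checksum")
    return {"type": icmp_type, "code": code, "id": ident, "seq": seq,
            "payload_len": len(message) - ICMP_HEADER_LEN,
            "length": len(message)}


def ping_allowed(message: bytes, max_ping_size: int) -> bool:
    """Apply the MaxPingSize rule: echo requests above the limit are dropped.
    Other ICMP types are not subject to this protection (assumption)."""
    info = parse_icmp(message)
    if info["type"] != ICMP_ECHO_REQUEST:
        return True
    return info["length"] <= max_ping_size


# Constructed sample: payload bytes per typical sender (assumed defaults).
SAMPLE_SENDERS = {
    "windows-ping-default": 32,
    "unix-ping-default": 56,
    "router-ping-default": 100,
}


def report(max_ping_size: int) -> dict:
    """Which sample senders get through the gateway for a given limit."""
    return {name: ping_allowed(build_echo_request(0x1234, n, size), max_ping_size)
            for n, (name, size) in enumerate(SAMPLE_SENDERS.items(), start=1)}


if __name__ == "__main__":
    for limit in (MAX_PING_SIZE_FP3, 128, MAX_PING_SIZE_AI):
        print("MaxPingSize=%d -> %s" % (limit, report(limit)))
```

Running it prints that with the FP3 default of 64 the Windows and Unix pings pass while the 100-byte router ping (108 bytes including the ICMP header) is dropped, and that 128 or 548 lets all three through; a defender who sees only router-sourced pings missing in the logs can use the same size arithmetic to confirm the cause before raising the limit.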
No warranty at all, your Feedback is welcome!
© 2003-2010 AERAsec Network Services and Security GmbH, last change 2007-11-11
back to http://www.vpn-1.de/aerasec/