[Jleung]

I would like to allow out-of-state packets thru the checkpoint without disabling it under global property. Reading previous posting this can be accomplished by editing $FWDIR/lib/user.def on the management station and adding the following:

deffunc user_accept_non_syn() { (src=x.y.z.w, dst=a.b.c.d) or (src=a.b.c.d, dst=x.y.z.w) or dport=22 };

However, my question is whether I can specify network/subnet ip address instead of using hosts ip addresses.

Thanks.