IP SecPol questions

~ [IP SecPol - IP Filter properties - Protocol - Ports]

Which one of these is true:
When I set the IP protocol port - from port A to port B, this means:
1. Any ports in rage [A..B] (including)
2. Connection from port A on source computer to port B on destination
computer


~ Is it possible to block all incoming ICMP requests. When I send outgoing
request, the response should pass-in.

rang from A to B.

--
For more and other information, go to http://www.ChicagoTech.net

Don't send e-mail or reply to me except you need consulting services.
Posting on MS newsgroup will benefit all readers and you may get more help.

Robert Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on
http://www.ChicagoTech.net
This posting is provided "AS IS" with no warranties.

"George Valkov" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>~ [IP SecPol - IP Filter properties - Protocol - Ports]
>
> Which one of these is true:
> When I set the IP protocol port - from port A to port B, this means:
> 1. Any ports in rage [A..B] (including)
> 2. Connection from port A on source computer to port B on destination
> computer
>
>
> ~ Is it possible to block all incoming ICMP requests. When I send outgoing
> request, the response should pass-in.
>
>
>

I am sorry, but I cannot understand You answer!
Perhaps You wanted to say "range" instead of "rang"?



"Robert L [MS-MVP]" <(E-Mail Removed)> wrote in message
news:#(E-Mail Removed)...
> rang from A to B.
>
> --
> For more and other information, go to http://www.ChicagoTech.net
>
> Don't send e-mail or reply to me except you need consulting services.
> Posting on MS newsgroup will benefit all readers and you may get more
help.
>
> Robert Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on
> http://www.ChicagoTech.net
> This posting is provided "AS IS" with no warranties.
>
> "George Valkov" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> >~ [IP SecPol - IP Filter properties - Protocol - Ports]
> >
> > Which one of these is true:
> > When I set the IP protocol port - from port A to port B, this means:
> > 1. Any ports in rage [A..B] (including)
> > 2. Connection from port A on source computer to port B on destination
> > computer
> >
> >
> > ~ Is it possible to block all incoming ICMP requests. When I send
outgoing
> > request, the response should pass-in.
> >
> >
> >
>
>

#2. Ipsec policy does not have a range concept for ports.

your icmp question sounds like you want to block unsolicited traffic while
continuing to allow replies from the messages you sent out. Ipsec policy
does not currently allow for this. What you're looking for is a stateful
firewall.

--
David
Microsoft Windows Networking
This posting is provided "AS IS" with no warranties, and confers no rights.


"George Valkov" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>~ [IP SecPol - IP Filter properties - Protocol - Ports]
>
> Which one of these is true:
> When I set the IP protocol port - from port A to port B, this means:
> 1. Any ports in rage [A..B] (including)
> 2. Connection from port A on source computer to port B on destination
> computer
>
>
> ~ Is it possible to block all incoming ICMP requests. When I send outgoing
> request, the response should pass-in.
>
>
>

Thanks, David!
I do use a firewall on the internet side, but I cannot apply it for the
Windows Shares network on the LAN. I can always disable the block(ICMP)
filter when I need to :-)

"David Beder [MSFT]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> #2. Ipsec policy does not have a range concept for ports.
>
> your icmp question sounds like you want to block unsolicited traffic while
> continuing to allow replies from the messages you sent out. Ipsec policy
> does not currently allow for this. What you're looking for is a stateful
> firewall.
>
> --
> David
> Microsoft Windows Networking
> This posting is provided "AS IS" with no warranties, and confers no
rights.
>
>
> "George Valkov" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> >~ [IP SecPol - IP Filter properties - Protocol - Ports]
> >
> > Which one of these is true:
> > When I set the IP protocol port - from port A to port B, this means:
> > 1. Any ports in rage [A..B] (including)
> > 2. Connection from port A on source computer to port B on destination
> > computer
> >
> >
> > ~ Is it possible to block all incoming ICMP requests. When I send
outgoing
> > request, the response should pass-in.
> >
> >
> >
>
>