My ideal setup is: Only port 80 and 229 (ssl, right?) BUT allow any port if requesting IP is my IP. Ray at work > -----Original Message----- > From: Jim Kenzig [mailto:jimkenz@xxxxxxxxxxxxxx]=20 > Sent: Monday, December 16, 2002 11:20 AM > To: windows2000@xxxxxxxxxxxxx > Subject: [windows2000] Re: IPSec >=20 >=20 >=20 > Yes, > I use IPSec IP Filtering on my web server. I block all=20 > incoming ports except > port 80. Get to IP Security Filtering by going to your Local=20 > area connection > properties, Internet Protocol, click on the properties=20 > button, then click on > the advanced button on the IP screen.=20 > Then click on the options tab and highlight TCPIP Filtering=20 > and click on the > properties button. Check the box to enable IP Filtering and=20 > only allow the > ports incoming that you want people to access. >=20 > Regards, > Jim Kenzig > http://thethin.net >=20 >=20 > -----Original Message----- > From: windows2000-bounce@xxxxxxxxxxxxx > [mailto:windows2000-bounce@xxxxxxxxxxxxx]On Behalf Of Rob Combis > Sent: Monday, December 16, 2002 11:10 AM > To: windows2000@xxxxxxxxxxxxx > Subject: [windows2000] Re: IPSec >=20 >=20 >=20 > Ray- > Take a look at this document. >=20 http://www.systemexperts.com/tutors/HardenW2K101.pdf You will be using the IPSEC console but not really using IPSEC, more =3D like a filter. But it works. I used it on my DNS server before we got =3D a PIX. Oh yeah I highly recommend a hardware firewall. Way better then =3D ISA server, which I used before. Rob ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.mimesweeper.com ********************************************************************** ================================== To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm