Below is what I wish to accomplish. It involves opening all ports above 1024 for access to and from a specific range of IP addresses. At first I thought of creating [destination set + protocol definition = protocol rule], but then realized that would mean creating many, many, many (64000) protocol definitions to open the ports. Any ideas?

Thanks
N.

Client: UDP datagrams are sent to/from the PC (using an arbitrary port >= 1024) from/to one of the servers (using an arbitrary port >= 1024). The server IP addresses are on the subnets 64.37.148.*, 64.37.149.*, 64.37.150.*, 64.37.151.*, 63.241.40.*, 63.241.41.*, 63.241.42.*, and 63.241.43.*. These network blocks may be summarized as 64.37.148.0/22 and 63.241.40.0/22.

Please note that the application opens a random UDP data port from the client PC every time the application is run. Thus the need to have all ports >= 1024 available.
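The requirement above, written as a single address-and-port-range check rather than one definition per port. This is an added example, not part of the original post and not any firewall product's configuration; the client network `192.168.1.0/24`, the sample datagrams and the function names are assumptions made for illustration.

```python
import ipaddress

# Subnets listed in the post, with the wildcard form written as /24 networks.
LISTED = [ipaddress.ip_network(n) for n in (
    "64.37.148.0/24", "64.37.149.0/24", "64.37.150.0/24", "64.37.151.0/24",
    "63.241.40.0/24", "63.241.41.0/24", "63.241.42.0/24", "63.241.43.0/24",
)]

def summarize(networks):
    """Collapse adjacent networks into the shortest covering CIDR list."""
    return sorted(ipaddress.collapse_addresses(networks))

SERVERS = summarize(LISTED)          # expected: the two /22 blocks from the post
MIN_PORT, MAX_PORT = 1024, 65535     # "all ports >= 1024" as one range

def is_server(addr):
    """True if addr falls inside one of the summarized server blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in SERVERS)

def allowed(proto, src, sport, dst, dport, client_net="192.168.1.0/24"):
    """True if a datagram matches the stated requirement: UDP only, both
    ports >= 1024, one end on the client network (assumed value) and the
    other end inside the server blocks, in either direction."""
    if proto != "udp":
        return False
    if not (MIN_PORT <= sport <= MAX_PORT and MIN_PORT <= dport <= MAX_PORT):
        return False
    client = ipaddress.ip_network(client_net)
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    outbound = s in client and is_server(dst)
    inbound = is_server(src) and d in client
    return outbound or inbound

if __name__ == "__main__":
    print("summarized server blocks:", [str(n) for n in SERVERS])
    # Constructed sample datagrams: (proto, src, sport, dst, dport)
    samples = [
        ("udp", "192.168.1.10", 40000, "64.37.150.7", 5000),   # client -> server
        ("udp", "63.241.43.9", 1024, "192.168.1.10", 40000),   # server -> client
        ("udp", "192.168.1.10", 40000, "64.37.152.1", 5000),   # outside the /22
        ("udp", "192.168.1.10", 40000, "64.37.150.7", 53),     # port below 1024
        ("tcp", "192.168.1.10", 40000, "64.37.150.7", 5000),   # not UDP
    ]
    for pkt in samples:
        print(pkt, "->", "allow" if allowed(*pkt) else "deny")
```

The same shape (one UDP port range, two destination blocks) is what the rule has to express in whatever firewall is used; everything outside it stays denied.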