Hi Danny, Yes, since system policy only allows for ICMP Info Request, Timestamp and Ping. Thomas W Shinder, M.D. Site: www.isaserver.org <http://www.isaserver.org/> Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls ________________________________ From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Danny Sent: Wednesday, August 23, 2006 12:02 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] EnablePMTUDiscovery now enabled - Access policy required as well? After enabling EnablePMTUDiscovery per MSKB 905179, do you need to create a new policy per MSKB 902347 to see the potential performance improvements? Referencing: http://support.microsoft.com/default.aspx?scid=kb;en-us;905179 http://support.microsoft.com/kb/902347/en-us Policy: ISA Server 2004, Standard Edition 1. Click Start, point to Programs, point to Microsoft ISA Server , and then click ISA Server Management. 2. In the left pane, expand ArrayName, and then click Firewall Policy. 3. In the task pane, click the Toolbox tab, and then click Protocols. 4. Under Protocols, click New, and then click Protocol. 5. In the Protocol definition name box, type ICMP MTU Discovery, and then click Next. 6. Click New, and then click ICMP in the Protocol type list. 7. In the Direction list, click Send Receive. 8. Type 4 in the ICMP Code box, type 3 in the ICMP Type box, and then click OK. 9. Click Next, click Finish, and then click Apply. 10. In the left pane, right-click Firewall Policy, click New, and then click Access Rule. 11. In the Access rule name box, type Allow ICMP MTU Discovery, and then click Next. 12. Click Allow, and then click Next. 13. In the This rules applies to list, click Selected protocols, and then click Add. 14. In the Protocols list, expand User-Defined. 15. Click ICMP MTU Discovery, click Add, click Close , and then click Next. 16. Click Add. 17. In the Network entities list, expand Networks. 18. Click External, and then click Add. 19. Click Internal, click Add, click Close , and then click Next. 20. Click Add. 21. In the Network entities list, expand Networks. 22. Click Local Host, click Add , click Close, and then click Next two times. 23. Click Finish, and then click Apply.