Hi Jim, I thought lockdown policy was limited to: * Allowing hosts in the Internal network element to access the Local Host network element using the firewall's administration protocol. * Allowing Remote Desktop Protocol (RDP) from Internal to Local Host. * Allowing ICMP ping from Internal to Local Host. * Allowing DHCP from any host to Local Host. * Outgoing traffic from the firewall to any destination * Traffic that already has a connection element (this allows stopping the firewall service without disrupting existing connections) * Traffic that is to/from the allowed range determined by using FWENGMON Thanks! Tom Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls > -----Original Message----- > From: isapros-bounce@xxxxxxxxxxxxx > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison > Sent: Saturday, May 20, 2006 1:52 PM > To: isapros@xxxxxxxxxxxxx > Subject: [isapros] Re: Customizing Lockdown Policy > > Sorta. > Lockdown allows all the system policy traffic. > Thus, if you want to change the traffic profile for lockdown, > you can do > it via system policy management. > > It's not as flexible as array policies, but it covers 99.444% of what > the ISA admin needs to bring the server back to life. > > -----Original Message----- > From: isapros-bounce@xxxxxxxxxxxxx > [mailto:isapros-bounce@xxxxxxxxxxxxx] > On Behalf Of Thomas W Shinder > Sent: Saturday, May 20, 2006 11:45 AM > To: isapros@xxxxxxxxxxxxx > Subject: [isapros] Customizing Lockdown Policy > > Hey guys, > > I know there is a default lockdown policy, but I was wondering while > watering the flowers this morning if there was a method to > customize the > lockdown policy, other than using FWENGMON ? > > Thanks! > Tom > > Thomas W Shinder, M.D. > Site: www.isaserver.org <http://www.isaserver.org/> > Blog: http://blogs.isaserver.org/shinder/ > Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> > MVP -- ISA Firewalls > > > > All mail to and from this domain is GFI-scanned. > > > >