Firewalls

Both aren't firewalls, but host-based packet filters. Running 2 of them is not just pointless, but even dangerous, as it increases complexity.

Windows Firewall is better. Outpost has a lot of known vulnerabilities, totally unnecessary complexity (f.e. useless trials of application control) and a pretty lousy quality.

You should try to supplement the XP FW as I have seen a few posts in other NG(s) as it's been disabled and taken out, since I know you're running on the Internet with Admin rights.

Duane :)

This is different from any other host-based packet filter in exactly which way?

I suggest supplementing them all. And since it's XP, I would use IPSEC. IPSEC is the key and it's there too.

IPSEC! It's a supplemental solution and it works for me. ;-)

Duane :)

You know a good tutorial site to set up IPSEC? Will it interfere with multiplayer games? Thx.

IPSec for packet filtering suffers two problems:

1. no stateful filtering
2. default exemptions, which can only be fully disabled on NT 5.2 (Srv03, XP 64)

But what about IPFilter and RAS Firewall?

I am not looking for stateful filtering. I think I have told you this once before. IPSEC does the job I needed to do in a supplemental role with the rules I created to supplement the PFW solution. Or I was using it to supplement the NAT router that couldn't stop outbound.

I will say this to you one more time *supplement*. Do you understand the meaning of the word *supplement*?

With the rules I have set or created to supplement in case the PFW solution is taken out, the machine is not setting there wide open. If I need to block all SMTP traffic, POP3 etc, etc, etc, I can easily do it with the AnalogX rules that are provided by AnalogX to use and simply enable them.

I have no use for IPfliters or a RAS FW on this laptop. And when I have my network setup again, everything is behind the WatchGuard.

Duane :)

If you're running XP pro or better, then there is the IPSEC UI.

I have the AnalogX rules implemented. I have the main service rules enabled, like SMTP, POP3, HTTP, etc on the client side. I got Windows Networking disabled block traffic I don't need that rule as I have networking unbound off the NIC but the PFW was still barking about inbound traffic it was blocking on the networking ports and IPSEC stopped that.

I can set rules to stop all inbound or outbound traffic in reserve in case I need that. It's a simple rule Block all TCP traffic, which you can use behind the XP FW as it's not stopping anything outbound.

You can create or edit rules on XP with it's other IPSEC tool, since XP Home doesn't have the UI.

IPSEC was blocking on some high ports on some downloads. I either set the rules to allow the traffic or I just disabled IPsec until the download was completed. That's the only problem I had and you'll have to play with it and configure it to fit your needs.

Duane :)

Ok, thx for the info. This one above should do me as I'm on XP Home and not Pro.

This link that I gave you talks about the tools at the DOS Command Prompt that can be used to create new IPsec rules, modif existing rules, and trun a IPsec policy on or off. You may have to install somethings off the XP CD.

Duane :)

Will do, thx.