Hi there, We are currently experiencing hacker attacks heavily and plan to put firewall in our servers. Our environment is: Win2K domain One Domain Controller, One exchange server, One web server; All (servers/workstations) connect directly to campus network. (Gateway using MSU Gateway), We do not have router and not using NAT either. Originally, we plan to put Norton FireWall in our servers, but it come with 25 licenses(at least) and we currently use BlackIce. But I heard blackIce is application firewall and some recommendation to use network FireWall. I wonder if anyone has more experience on this and can give us some suggestion. In addition, since DC and exchange server(Microsoft) using bunch of ports, currently we can not prohibit all ports. Thank you, Xiaomei Liu