Lee: > >If you do use a software firewall for w2k or w2003 servers: > >1. What do you use? > > I have been evaluating a product called "CHX-I Packet Filter" (http://www.idrci.net/). I had been looking for a lightweight packet-filtering option for some of my Windows Servers similar to the software firewalls that are available with Sun Solaris 10 (IP Filter) and other UNIX varieties. I wanted to avoid most of the application-based firewalls that display "pop-ups" to warn of possible intruders or unknown applications. With the packet-filtering option, I disable all ports by default and then enable only the ports and IPs (or MAC addresses) of the traffic that I need to pass in/out. Similar packet-filtering rules can be implemented within the "Local Security Policy" using IPSec, but I don't believe the IPSec rules perform stateful inspection and I don't think there is an option for logging which can be useful when setting up and troubleshooting new filtering rules. >2. Can you copy the firewall rules for backup or use on another machine? > > Yes - very easily. >3. Have you used any tools such as performance monitor to determine the >software firewall's affect upon system resources such as cpu time and >memory? > > Not yet. Still evaluating. Mostly concerned with setting up the packet-filtering rules at the moment. Have read some postings on various message boards that stated CHX-I was very good at using limited resources. >4. Does this require a yearly subscription? > > Free for personal use, but not for commercial use. When I contacted the company regarding use in an educational environment, that wanted to push a campus site-license. However, since I was only interested in about five machines, I was granted permission to use the software for free. As I mentioned, I am still evaluating - there doesn't seem to be too many bells and whistles with this product, but from what I have seen so far, it seems to do what I need it to do and that is packet-filtering, plain and simple. Jim -- ======================================== James T. Brown UNIX Systems Administrator Geography/Fisheries & Wildlife Michigan State University email: [log in to unmask]