OK Mr Pooh,

I went back and reread your first post. I am still looking for a link to a whitepaper though; you did post a link to it, right? Come to think of it, I didn't even see a mention of a whitepaper in your first post. Or was your post the whitepaper? I suppose I should just go "google" for windows xp service pack 2 whitepaper, right?

It was a very nice post. The screen captures of various new features were interesting, and the description of the new features available in the next service pack for XP was very useful.

However, I still have a few questions for an expert.

There is a problem with the current version of ICF, in that when enabled, it causes issues with Outlook and Exchange. The bottom line is, unless Outlook initiates a conversation with Exchange, the traffic from Exchange is denied; therefore users get no notification that they have new mail, nor does any new mail appear in their inbox, unless the user takes some action which causes Outlook to make a request to Exchange, such as changing folders.

I notice in your post that there are a few screenshots of the firewall. One of those screenshots allows me to select an application from a list and set it to be allowed to send or receive traffic, so, theoretically, I could go there, enable Outlook, and everything would be fine.

Problem is, from past experience, there are many times when Exchange initiates communication to the client, for example when a user receives new mail. Also, from my current experience, the ports used by Exchange to communicate with Outlook are a dynamic range; it is not always the same one. For example, everyone knows that port 25 is SMTP, but with the communication between Exchange and an Outlook client there is no one port (although a number of your standard Windows type ports are used for "control" or initiation purposes); there are lots of different ports that could be used.

So, I guess after all that, my question is the same as it was before I went back to re-read your post.

Does the new version of ICF work properly with Outlook and Exchange? Does it recognize seemingly unrelated traffic (from a TCP/IP standpoint) as being legitimate traffic going from Exchange to the Outlook client?

If it does not recognize that traffic, that means I have to create additional rules to specifically allow that traffic. Not a problem, been there before, but I do not seem to see a way of allowing a specific IP address to access the machine which has the firewall. I see "allow access to a port" from either everywhere or the local subnet. I do not want to allow all to the machine, nor do I want to allow the local subnet to the machine; I want to allow exchangeserver.example.com to the machine, or more properly 172.X.X.X. Allowing the local subnet kind of defeats the purpose of this firewall in the first place (except maybe for laptops, as I said previously), because they are already protected quite well from the outside world. The point of using this firewall would be to prevent a worm or other internal danger from accessing this user's machine, assuming that someone has managed to successfully plug an infected laptop into our internal network.

Since I have now made an effort to educate myself and make "informed decisions", can you please, please, please answer the question?