Blocking ports on a subnet??
I have a subnet (10.0.10.X) and I need to block SMTP and FTP on every server within that subnet. How would I go about doing this? It seems relatively simple, but I have never tried to tackle this task before. Any suggestions are welcome!
January 6th, 2010 6:55pm
The easiest way is to configure the firewall on each computer to block the ports used by those services. If all of the computers are running Windows Vista, Windows Server 2008, Windows 7, or Windows Server 2008 R2, then use Group Policy and Windows Firewall with Advanced Security to create a GPO that applies to all of those computers. The policy should include inbound and outbound rules to block the appropriate ports. You can refer to the Step-by-Step Guide: Deploying Windows Firewall and IPsec Policies at http://technet.microsoft.com/en-us/library/cc732400(WS.10).aspx for detailed instructions. If some of the computers are running Windows XP or Windows Server 2003, then see the Windows Firewall Tools and Settings page at http://technet.microsoft.com/en-us/library/cc737845(WS.10).aspx for settings specific to those versions of Windows.
Dave Bishop, Senior Technical Writer, Windows Server Networking User Assistance
January 6th, 2010 7:29pm
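The inbound and outbound block rules described in the answer above, as an added example that is not part of the original thread. It writes to the local firewall store of one server with `netsh advfirewall`; a GPO built in Windows Firewall with Advanced Security would carry the same four rules. The rule names are made up for this example, and the services are assumed to use their default ports (SMTP on TCP 25, FTP control on TCP 21).

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt on
# Windows Vista / Windows Server 2008 or later.
# Assumption: default ports only (SMTP = TCP 25, FTP control = TCP 21).
$services = @{ SMTP = 25; FTP = 21 }

foreach ($svc in $services.Keys) {
    $port = $services[$svc]
    $rules = @(
        # Inbound: this server stops accepting connections to the service.
        @{ Name = "Block-$svc-In-TCP$port";  Dir = 'in';  PortArg = "localport=$port" },
        # Outbound: this server can no longer connect to the service elsewhere.
        @{ Name = "Block-$svc-Out-TCP$port"; Dir = 'out'; PortArg = "remoteport=$port" }
    )
    foreach ($r in $rules) {
        # Delete any earlier copy so that re-running does not create duplicates.
        netsh advfirewall firewall delete rule "name=$($r.Name)" | Out-Null

        netsh advfirewall firewall add rule "name=$($r.Name)" "dir=$($r.Dir)" `
            action=block protocol=TCP $r.PortArg | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "Failed to add rule $($r.Name)" }
    }
}

# List the rules that now exist, to confirm all four were created.
netsh advfirewall firewall show rule name=all | Select-String 'Block-(SMTP|FTP)-'
```

Services moved to non-default ports are not covered by these rules and need their own port numbers added to `$services`.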
Hello. A router with a packet filter would be ideal. This way you can add rules that limit who can and cannot transmit. So, for example, you can block SMTP traffic on the internal LAN subnet but leave SMTP open from the WAN so your Exchange server can send and receive e-mail. Packet filters give you pretty granular control over your TCP/IP traffic. Check your router/firewall to see if it has the capability. Cisco, MS ISA Server, Sonicwall all have packet filters. If not, Sonicwall TZ-200 or Multitech RF-820 routers are inexpensive and have good packet filters. Miguel
Miguel Fra / Falcon ITS Computer & Network Support, Miami, FL
January 6th, 2010 9:01pm


