We'd like to deploy the windows 7 firewall and set it up in such a way that it prevents the workstations from talking to each other, ie. block incoming from specific IP ranges, only allow incoming from servers etc. Is this possible? If so, any info or KB's about that? Thanks!

We'd like to deploy the windows 7 firewall and set it up in such a way that it prevents the workstations from talking to each other, ie. block incoming from specific IP ranges, only allow incoming from servers etc. Well... you may just setup a GPO targeting the Windows 7 adv firewall so that it will block connections which don't match a rule, then configure a rule to "allow all" toward the servers IPs while blocking traffic going to any other IP address; the same, for older O/S versions may be achieved by setting up an IPSec policy which won't be used for any kind of "encryption" but just to filter traffic

Sounds good, any available info on how to do that?

> Sounds good, any available info on how to do that? Hmm... what about ... http://technet.microsoft.com/en-us/library/cc748991%28WS.10%29.aspx http://technet.microsoft.com/en-us/library/deploy-ipsec-firewall-policies-step-by-step%28WS.10%29.aspx and then, since we're at it... http://support.microsoft.com/kb/813878 http://msdn.microsoft.com/en-us/library/ff648481.aspx http://www.analogx.com/contents/articles/ipsec.htm HTH