Server and firewall rules
I have Windows Server 2008 SP1 with SCCM 2007 SP2. SCCM is very noisy in the network, so I tried to disable some network segments where it must not go. I configured a firewall rule in Windows Firewall with Advanced Security as an Outbound rule. I blocked all programs and services from any port to any port for a particular network segment. But the problem still remains: my network administrators showed me that this server is still trying to go to that network segment. Why does this blocking rule not work?
February 11th, 2010 10:13am

Hello, Thank you for your post here.
1. Could you please export and paste the deny outbound rule?
2. You may enable the firewall and IPsec audit on the SCCM server:
a) In the command prompt, type the following command. You can copy and paste this command into the Command Prompt window:
auditpol.exe /set /SubCategory:"MPSSVC rule-level Policy Change","Filtering Platform policy change","IPsec Main Mode","IPsec Quick Mode","IPsec Extended Mode","IPsec Driver","Other System Events","Filtering Platform Packet Drop","Filtering Platform Connection" /success:enable /failure:enable
b) Restart the Windows Firewall service by typing the following commands, ending each by pressing ENTER:
net stop MPSSVC
net start MPSSVC
Enable IPsec and Windows Firewall Audit Events: http://technet.microsoft.com/en-us/library/cc754714.aspx
Once you have waited for enough time, you may create a customized filter to check whether traffic to other networks is permitted. If you have any questions or concerns, please do not hesitate to let me know.
February 12th, 2010 5:49am

Hi, Thanks for the response. Here is my outbound deny rule.
Name, Group, Profile, Enabled, Action, Program, Local Address, Remote Address, Protocol, Local Port, Remote Port, Allowed Computers
"Block all outgoing to VPN net", Any, Yes, Block, Any, Any, 10.111.4.0/23, Any, Any, Any, Any
When I stopped MPSSVC I lost the remote connection.
March 8th, 2010 11:03am

Hi, I just filtered out my IP address:
Audit Failure, 08.03.2010 10:18:41, Microsoft-Windows-Security-Auditing, 5152, Filtering Platform Packet Drop, "The Windows Filtering Platform blocked a packet.
Application Information: Process ID: 4 Application Name: System
Network Information: Direction: Outbound Source Address: Server IP Source Port: 137 Destination Address: 10.111.4.xx Destination Port: 137 Protocol: 17
Filter Information: Filter Run-Time ID: 77637 Layer Name: Connect Layer Run-Time ID: 48"
Audit Success, 08.03.2010 10:18:41, Microsoft-Windows-Security-Auditing, 5158, Filtering Platform Connection, "The Windows Filtering Platform has permitted a bind to a local port."
What does the last event mean: that the server made a connection to the 10.111.4 network anyway?
March 8th, 2010 12:19pm
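As an added example (not code from this thread), here is the "customized filter" step of the earlier reply done in PowerShell: it reads the Security log for WFP audit events 5152 (packet dropped) and 5156 (connection permitted), keeps only outbound events whose destination falls in the blocked segment, and summarises them by application, protocol, port and Filter Run-Time ID, so a drop can be matched to the rule that produced it. Event 5158 is deliberately left out because it records only a local port bind and carries no remote address, so it does not by itself show traffic reaching the segment. It assumes the audit subcategories from the reply above are enabled; the segment 10.111.4.0/23 is taken from the posted rule and is a parameter.

```powershell
# Added example, not from the thread. Requires the WFP audit subcategories
# (Filtering Platform Packet Drop / Connection) to be enabled as described above.
function Test-InIPv4Subnet {
    param([string]$Address, [string]$Cidr)
    $net, $bits = $Cidr.Split('/')
    $a = $null
    if (-not [System.Net.IPAddress]::TryParse($Address, [ref]$a)) { return $false }
    if ($a.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) { return $false }
    $toInt = {
        param($ip)
        $b = $ip.GetAddressBytes()
        ([int64]$b[0] * 16777216) + ([int64]$b[1] * 65536) + ([int64]$b[2] * 256) + [int64]$b[3]
    }
    # Network mask as a 32-bit value, e.g. /23 -> 0xFFFFFE00
    $mask = [int64](4294967296 - [math]::Pow(2, 32 - [int]$bits))
    return ((& $toInt $a) -band $mask) -eq ((& $toInt ([System.Net.IPAddress]$net)) -band $mask)
}

function Get-SegmentTraffic {
    param([string]$Segment = '10.111.4.0/23', [int]$Hours = 24)
    $ms = $Hours * 3600000
    # 5152 = packet dropped, 5156 = connection permitted; both carry the same EventData fields
    $xpath = "*[System[(EventID=5152 or EventID=5156) and TimeCreated[timediff(@SystemTime) <= $ms]]]"
    $events = Get-WinEvent -LogName Security -FilterXPath $xpath -ErrorAction SilentlyContinue
    $rows = foreach ($e in $events) {
        $d = @{}
        foreach ($n in ([xml]$e.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        # In raw EventData the Direction field is %%14593 for Outbound (%%14592 is Inbound)
        if ($d.Direction -ne '%%14593') { continue }
        if (-not (Test-InIPv4Subnet -Address $d.DestAddress -Cidr $Segment)) { continue }
        [pscustomobject]@{
            Result      = $(if ($e.Id -eq 5152) { 'Dropped' } else { 'Permitted' })
            Application = $d.Application
            Protocol    = $d.Protocol
            DestPort    = $d.DestPort
            FilterRTID  = $d.FilterRTID   # compare with the Filter Run-Time ID shown in the event
        }
    }
    $rows | Group-Object Result, Application, Protocol, DestPort, FilterRTID |
        Select-Object Count, Name | Sort-Object Count -Descending
}

Get-SegmentTraffic | Format-Table -AutoSize
```

Run it in an elevated PowerShell on the SCCM server; a "Permitted" row for the segment means some WFP filter allowed that connection despite the block rule, while only "Dropped" rows mean the rule is working and the remaining noise is the attempts themselves.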

