I have followed Craig's instructions on setting up ack bit flitering
dynamic/tcp. I have a question about dynamis/udp, I understand you
use ack bit filtering but is this not a concern? When I do a scan of
subnet I can see ports 213 and 353 and from what I read that is
for the site to site and client to site vpn to work properly...is that

correct? We have five BM servers configured for site to site and each

one also has client to site configured. Besides the VPN all of the
servers only need to surf the web so do I need the dynamic/tcp and udp

filter exceptions or can I get rid of them?

Thanks in advance Bob!