All icmp traffic is being blocked between clients and DC's by a PIX firewall.
I just want to know how this will affect client logons.
I don't use the XP sp2 FW.
I'm not sure I understand "Beads" comment about blocking it on a straight lan.
How can you block traffic on a non segmented lan?
something has to be blocking the traffic on a L3 switch/router or on a firewall sitting between networks or vlans, etc.
we don't use personal sw firewalls here.
anyway, what i really would like to know is will blocking icmps om a pix fw between clients and DC's affect client logons or GPO processing?
Thanks a lot
On 12/30/05, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] <[EMAIL PROTECTED]> wrote:
Group policy issues.
On the XP sp2 machines if you enable the firewall but allow 445
traffic... merely enabling 445 with also allow ICMP.
Product team did this because they need it for group policy.
See discussion on focusonms listserve way back when XP sp2 first came out.
[Fire up your firewall and in the advanced window you can see it too]
Tom Kern wrote:
> What affect would blocking icmp packets on all vlans have on win2k/xp
> client logons in a win2k forest?
> any?
>
> I know clients ping dc's to see which responds first and later ping
> dc's to determine round trip time for GPO processing, but would
> blocking icmp's have any adverse affects on clients?
> I only ask because my corp blocks icmp's on all our vlans and i get a
> lot of event id 1000 from Usernev with error code of 59 which when i
> looked up, refers to network connectivity issues. i think this event
> id is related to the fact we block icmp packets and i was wondering if
> thats something i should worry about in a win2k network.
> Thanks
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
