Hi Volker Spies,
The rest is def initely blocked by the firewall rules (only to outside interface). The firewall log shows that the ports are blocked. I see the portscan and I see that, for example, Port 25 is denied.
to denie port 25 (smtp) is not a good idea. Port 109 (pop2) you can denie. The pop2-protokoll is older than pop3. Pop3 is the default for geting mails via dial-up. If you have a mailserver in your DMZ you can disable pop3 to outside. The mailexchanging between the mailservers is used by smtp (by default). Some other I've sean in your portscan-protokoll. Why you are using MS-Terminal-Server in addition to the Citrix ICA-Client. I have heard that Terminal-Server produce much more traffic over the lan than Citrix. The reason for this is that terminalserver is sending every changing of the screen (the new picture completely) to the thin-client. Citrix only sends the difference between the screenpictures. So the traffic sends by using citrix is much more reduced than using terminalserver. Regards, Ruprecht ---------------------------------- Ruprecht Helms IT-Service und Softwareentwicklung Tel/Fax.: +49[0]7621 16 99 16 Homepage: http://www.rheyn.de email: info@rheyn.de ----------------------------------