First of all - Firewall Rules merge wizard is NOT what I presumed it would be.

My issues with the merge wizard are:

- Collecting the learnt rules from several clients generates a whole bunch of duplicate rules. That to me is not the meaning of 'Merge'.
- The policy xml file that the wizard generates does not include the zones or application/browsers that have been collected by the clients.
- To create a suitable firewall policy, I had to directly import the 'configuration' from a client that had been in learning mode. And after importing that configuration, I had to unmark all the settings I didn't need in my firewall policy.

Rules editor:

- Default rule for an application is Allow?
- Learnt rules restrict discovered communications, but make no restrictions on communications that were not made??

i.e. a sample from the rules editor for a policy imported from a learnt client (Application tree mode):

Code:
========================================
Trusted In Trusted Out Internet In Internet Out
wmipvrse.exe allow specific allow allow
Rule created by learning: allow
Rule created by learning(2): allow
========================================

(Note: the duplicate rule)

What does that mean? wmiprvse is open to the world, but let's just make it clear that it is allowed to communicate with the local network?? What am I missing here?

There must be a simpler way to achieve a firewall policy for my small network.

TIA
Michael.