Here is the official response from Jetico regarding ICS with it. Quote In general disabling Stateful Packet Inspection makes JP Firewall allowing almost all network traffic on low-level (i.e. almost all incoming network packets will reach Windows TCPIP driver). And only after that they are filtered by upper JP Firewall level where it checks that some program is going to receive the packets. I write "almost all packets", because low-level JP Firewall filter will continue dropping "bad" packets sometimes used to attack computers. End Quote. Now my question is, how does Kerio 2.15 and Zone Alarm Pro handle ICS, do they also disable Stateful Packet Inspection when ICS is selected?