I can't find the answers in the Help file. (1) What is the processing order of rules when DLLs, Applications(some with IP and remote port restrictions) and Internet rules (some with applications linked in) are active? Some of it I can figure out by trial and error and logging an enormous amount of stuff, but it's an unwieldy process. Especially that rule making for me is not all that intuitive here. (2) Is there any way to color the dropped U- and D- packets without major changes to the GUI, something a user could do? And could we color in (D) differently from out (U), green and pink, Kerio-like?