Current File : /Windows/Help/Windows/en-US/authfw.h1s
MZ@PEL!@0
@.rsrc@@.its @@0	HX||4VS_VERSION_INFOStringFileInfo040904b0b!FileVersion1.00.00                         l"FileDescriptionCompiled Microsoft Help 2.0 TitleBFileStamp718AC19901CA041F4JCompilerVersion2.5.71210.08579VCompileDate2009-07-14T01:07:22      >TopicCount160000000000000ALegalCopyright 2005 Microsoft Corporation. All rights reserved.CCCCCCCCCCCCCDVarFileInfo$Translation	tiq*ITOLITLS(X쌡^
V`   x |CAOLPHHC ITSF #_#q	OL
-Y쌡^
VY쌡^
VIFCMAOLL|IFCM AOLL`	//$FXFtiAttribute//$FXFtiAttribute/BTREE*/$FXFtiAttribute/DATA/$FXFtiAttribute/PROPERTYBN/$FXFtiMain//$FXFtiMain/BTREE	/$FXFtiMain/DATA!;/$FXFtiMain/PROPERTY\N/$Index/$ATTRNAME`\/$Index/$PROPBAG/$Index/$STRINGSt/$Index/$SYSTEM l
/$Index/$TOC//$Index/$TOC/$authfw~/$Index/$TOPICATTRP/$Index/$TOPICS/$Index/$URLSTR~/$Index/$URLTBL/$Index/$VTAIDX<(/$Index/AssetId//$Index/AssetId/$BL0d/$Index/AssetId/$LEAF_COUNTSd/$Index/AssetId/$LEAVESt	/$OBJINST~/assets/0/assets/05d277a3-2b83-4951-a2fc-e2ca78a24f24.xmlt*0/assets/06cbaf77-aa9d-4dec-b056-3dcd2616e4fa.xmlK0/assets/0ec58789-26f0-47cd-9f43-aa6e7d52db10.xmli`0/assets/101488a1-9f62-4797-9330-4937c888e371.xmlI0/assets/12452b6f-dce5-4515-bfdd-455f08c77e5a.xmlZN0/assets/13da39e0-2a32-4ac4-a952-4391ae88c739.xml(b0/assets/142a13a0-f0c4-4122-95d9-ecfb6f6391c4.xml
C0/assets/14f25442-df7f-4c80-9ffc-b01781b2b246.xmlM0/assets/1826c5b4-7aa9-419a-a211-07542a5dcf1a.xmll0/assets/18ddcbbd-4939-492c-a716-f1fccc468c18.xmls0/assets/1a70e8bc-19f3-4bd5-bba9-d04c432adbc6.xml0/assets/1a81d9c6-f39f-4835-a00b-11d994247ca9.xml/0/assets/20b3aba6-884a-4ef9-8ea7-914e4cd735d9.xmlKc0/assets/226a35ae-cf87-4bd3-b4be-fab77930e6da.xml.o0/assets/2318ec3c-e196-4a43-9d79-70ca7c52194a.xml!0/assets/2adf4b4a-fbdb-4bfa-8e09-8648c986f4f0.xml>_0/assets/39e393da-18a6-4a1d-85d1-d9dcb46e3b93.xmlJ0/assets/40413516-c1ab-46b3-b62c-d165b434974b.xmlg40/assets/41646515-247f-4ce4-a9fd-600bd90ae773.xml!0/assets/5147487b-bb6a-40e4-b8ee-f263c52bee24.xml<!0/assets/52a543f3-3baa-42d9-8614-25293d0e3f62.xml]U0/assets/53d4595a-b6b0-4133-be9e-03dcecef56e6.xml210/assets/53df2676-ea86-4670-8f48-b113383a0992.xmlc50/assets/55215ddc-b9aa-4bac-9ec2-d5da5cb3932c.xmll0/assets/5886c961-2f7a-46f9-928b-2b906f2c354a.xmlt0/assets/58a40682-63b1-493a-9d97-940532cbbcd8.xmlxy0/assets/5918d117-66c3-4f58-8680-a5a822c40dc7.xmlqn0/assets/5aaa1ce1-0a0e-4686-a4cf-d63cb0a351da.xml_10/assets/5ca392ca-aece-4319-90c5-80544a29b8e9.xml0/assets/60324d03-97f8-4aa5-864b-af205ebff02b.xml"@0/assets/63138fa3-9f09-4684-89cb-c44306ee3763.xmle[0/assets/66011489-1eee-4986-9373-565e557db23b.xml@l0/assets/6a710a38-a254-4a80-9a53-6ea2e0816d24.xml,Y0/assets/70d0c763-d3a3-486d-9f91-e213831f2485.xml]N0/assets/710fa446-c600-4691-ae28-37a9824fb95d.xml+Q0/assets/71ea19d0-e57f-4828-923a-632cdb208aad.xml|:0/assets/7e24b5a1-742d-4247-b86d-db9e097dee4e.xml6n0/assets/8039b8d4-e87b-4aac-9c09-6a34cc73f1b6.xml$d0/assets/85c69539-f0c0-474c-9860-d220293ab2d6.xmlyk0/assets/8a0b490a-db5e-420f-8990-d0e30a17bc1a.xmldS0/assets/8b29e655-9fb1-4ba5-a701-30812af59d2e.xml7R0/assets/8c965889-6e37-4ad0-b41d-4f98bed709ad.xml	
t0/assets/950c636f-f858-4852-8a78-b3222cd57bff.xml}40/assets/97e94c49-45b2-4af9-bcd8-07fff5c1618f.xml10/assets/9868a02b-2d5f-4a8d-a1f7-f6f1a64cec99.xmlCQ0/assets/98690952-0b7a-4b1f-bbee-3db1fa381f4f.xml0/assets/99ae4ae7-1d65-4020-b26c-bfaf2df8ba6b.xml,!0/assets/9d81b178-5fef-4b23-9dc7-e85f20bbf5d9.xmlM0/assets/9fcdfb8b-6e47-4c72-b6f3-cb6e5fdb529f.xmlYY0/assets/a4c3ccd0-9ec1-4da5-982d-6e65877b5db3.xml2c0/assets/aa9088cb-98f3-4c53-8270-09484edb997a.xml0/assets/aaad90b0-4f52-46ca-9636-e05175e4aa78.xml/0/assets/b029858f-ef85-4cdd-a29c-06a9457f4365.xmlH40/assets/b31c589e-5b17-42df-b7ad-041084dd2074.xml|0/assets/b8b120da-821c-45f1-86ee-d7303f6b500a.xml0/assets/ba442eea-0e40-4936-bb3a-413993267098.xml9h0/assets/c243c092-48c6-4073-9b19-b9c98c931582.xml!l0/assets/c85aba54-dcb3-45be-b1bd-271d579da6fc.xml
0/assets/cc83aec7-e835-4b20-acbd-e40eac6764f2.xml0/assets/ccd5048b-bdba-47b7-8658-9f8bbbcec7fb.xml4h0/assets/cd103e5b-9da9-438d-a9b8-ed96384a17f2.xmla0/assets/d42aa5c6-4859-4f78-b001-dc067151521b.xml}0/assets/d43f0fad-14d0-4def-8440-631d6e8fe905.xmlm0/assets/d857a0e4-9ae0-4ee0-84a1-13100e8e5948.xml~0/assets/d9626188-57c8-49b1-ad44-66e75119a5f9.xml}i0/assets/dc5c6bc1-9537-456d-b168-faf78a66554f.xmlfm0/assets/dd07bae3-3af0-469b-adc8-84f78f4169e8.xmlS0/assets/e3c300ca-1c4c-43a3-82d1-7e4b0860b7e2.xmlq0/assets/e98f04c7-99c8-4816-a640-da8e73a14db3.xmlw{0/assets/ec590a1c-d105-4cf9-bf83-6606624c33db.xmlrW0/assets/ed344be2-ee6d-4a37-ac31-4f0b9763d04b.xmlIX0/assets/ee8441ab-55b4-4ce3-b658-d4e28320a010.xml!U0/assets/f19cbe6e-7235-4613-90d0-6f7a3e8a6093.xmlvh0/assets/f4d3d872-6514-49fd-b8ed-1d725f74f0c1.xml^90/assets/f637c2d4-a8aa-4e7a-b437-86b8e3accc7f.xmlA0/assets/f87bdc33-14b4-4832-b190-377f16d7e671.xmlX0/assets/f9172bb1-6c9e-4e09-a1cb-6e6912459aee.xmlp)0/assets/ffe91987-ce8c-4caa-826a-fb26d9d3f23b.xmlg/authfw.h1c
/authfw.H1F
(/authfw.H1TsU/authfw.H1V2A/authfw_AssetId.H1KHk/authfw_BestBet.H1K3k/authfw_LinkTerm.H1Kl/authfw_SubjectTerm.H1K
o/relatedAssets/7/relatedAssets/35a693e7-9134-418a-9c80-17f6d60c08e6.gifX7/relatedAssets/52c6db15-ed4e-415c-a077-ce2a57486732.gifb7/relatedAssets/64ce07a8-52a2-4d69-a392-2cae596fef27.gifq::DataSpace/NameList<(::DataSpace/Storage/MSCompressed/Contenty,::DataSpace/Storage/MSCompressed/ControlDataT )::DataSpace/Storage/MSCompressed/SpanInfoL/::DataSpace/Storage/MSCompressed/Transform/List<_::DataSpace/Storage/MSCompressed/Transform/{8CEC5846-07A1-11D9-B15E-000D56BFE6EE}/InstanceData/i::DataSpace/Storage/MSCompressed/Transform/{8CEC5846-07A1-11D9-B15E-000D56BFE6EE}/InstanceData/ResetTablep3::Transform/{8CEC5846-07A1-11D9-B15E-000D56BFE6EE}/4Q"4!

	vcP=*ESq|UncompressedMSCompressedFX쌡^
VYLZXCHH<maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Windows Firewall with Advanced Security Properties Page</maml:title><maml:introduction>
<maml:para>Use this dialog box to configure the basic firewall properties for each of the network profiles. You can also use the <maml:ui>IPsec Settings</maml:ui> tab to configure the default values for several IPsec configuration options.</maml:para>

<maml:procedure><maml:title>To get to this dialog box</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, perform one of the following steps: </maml:para>
<maml:list class="unordered">
<maml:listItem><maml:para>In the navigation pane, right-click <maml:ui>Windows Firewall with Advanced Security</maml:ui>, and then click <maml:ui>Properties</maml:ui>.</maml:para></maml:listItem>
<maml:listItem><maml:para>Select the top node in the navigation pane, and then in the center pane, in the <maml:ui>Overview</maml:ui> section, click <maml:ui>Windows Firewall Properties</maml:ui>.</maml:para></maml:listItem>
<maml:listItem><maml:para>Select the top node in the navigation pane, and in the <maml:ui>Actions</maml:ui> pane, click <maml:ui>Properties</maml:ui>.</maml:para></maml:listItem>
</maml:list></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Domain, Private, and Public Profile tabs</maml:title><maml:introduction>
<maml:para>You can configure any profile, even one that is not currently being applied. If you do not alter profile settings, their default values are applied whenever Windows Firewall with Advanced Security uses the profile. We recommend that you enable Windows Firewall with Advanced Security on all three profiles.</maml:para>
<maml:para>You can configure the following settings on each profile tab:</maml:para>
</maml:introduction>
<maml:sections>

<maml:section><maml:title>State</maml:title><maml:introduction>
<maml:para>State selections determine whether Windows Firewall with Advanced Security uses the profile settings and how the profile handles inbound and outbound network messages.</maml:para>
</maml:introduction>
<maml:sections>

<maml:section><maml:title>Firewall state</maml:title><maml:introduction>
<maml:para>Select <maml:ui>On (recommended)</maml:ui> to have Windows Firewall use the settings for this profile to filter network traffic. If you select <maml:ui>Off</maml:ui>, Windows Firewall will not use any of the firewall rules or connection security rules for this profile.</maml:para>
<maml:alertSet class="important"><maml:title>Important </maml:title><maml:para>If you use Group Policy to disable Windows Firewall, or configure Windows Firewall with a rule that allows all inbound network traffic, then Windows Security Center will alert the user that there are security issues that the user should correct. If the user tries to correct the reported problem by clicking <maml:ui>Turn on</maml:ui> in Windows Security Center, then an error will be displayed because Windows Security Center cannot enable Windows Firewall. This can generate unwanted support calls to your help desk. If you are managing the security of the computers in your organization and do not want Windows Security Center to alert the user about security issues, then you can disable the Windows Security Center by using the <maml:ui>Turn on Security Center (Domain PCs only)</maml:ui> Group Policy setting found in <maml:ui> Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Security Center</maml:ui>.</maml:para></maml:alertSet>
</maml:introduction></maml:section>

<maml:section><maml:title>Inbound connections</maml:title><maml:introduction>
<maml:para>This setting determines the behavior for inbound connections that do not match an inbound firewall rule. The default behavior is to block connections unless there are firewall rules to allow the connection. You can choose the following behavior for inbound connections:</maml:para>
<maml:table>
<maml:tableHeader><maml:row>
<maml:entry><maml:para>Selection</maml:para></maml:entry>
<maml:entry><maml:para>Description</maml:para></maml:entry>
</maml:row></maml:tableHeader>

<maml:row>
<maml:entry><maml:para>Block (default)</maml:para></maml:entry>
<maml:entry><maml:para>Blocks all connections that do not have firewall rules that explicitly allow the connection.</maml:para></maml:entry>
</maml:row>

<maml:row>
<maml:entry><maml:para>Block all connections</maml:para></maml:entry>
<maml:entry><maml:para>Blocks all connections, regardless of any firewall rules that explicitly allow the connection.</maml:para></maml:entry>
</maml:row>

<maml:row>
<maml:entry><maml:para>Allow</maml:para></maml:entry>
<maml:entry><maml:para>Allows the connection unless there is a firewall rule that explicitly blocks the connection.</maml:para></maml:entry>
</maml:row>
</maml:table>
</maml:introduction></maml:section>

<maml:section><maml:title>Outbound connections</maml:title><maml:introduction>
<maml:para>This setting determines the behavior for outbound connections that do not match an outbound firewall rule. The default behavior is to allow connections unless there are firewall rules to block the connection. You can choose the following behavior for outbound connections:</maml:para>
<maml:table>
<maml:tableHeader><maml:row>
<maml:entry><maml:para>Selection</maml:para></maml:entry>
<maml:entry><maml:para>Description</maml:para></maml:entry>
</maml:row></maml:tableHeader>

<maml:row>
<maml:entry><maml:para>Block</maml:para></maml:entry>
<maml:entry><maml:para>Blocks all connections that do not have firewall rules that explicitly allow the connection.</maml:para></maml:entry>
</maml:row>

<maml:row>
<maml:entry><maml:para>Allow (default)</maml:para></maml:entry>
<maml:entry><maml:para>Allows the connection unless there is a firewall rule that explicitly blocks the connection.</maml:para></maml:entry>
</maml:row>
</maml:table>

<maml:alertSet class="caution"><maml:title>Caution </maml:title><maml:para>If you set <maml:ui>Outbound connections</maml:ui> to <maml:ui>Block</maml:ui> and then deploy the firewall policy by using a Group Policy object (GPO), computers that receive it will not receive subsequent Group Policy updates unless you first create and deploy an outbound rule that enables Group Policy to work. Predefined rules for Core Networking include outbound rules that enable Group Policy to work. Ensure that these outbound rules are active, and thoroughly test firewall profiles before deploying the policy.</maml:para></maml:alertSet>
</maml:introduction></maml:section>

<maml:section><maml:title>Protected network connections</maml:title><maml:introduction>
<maml:para>Use these settings to specify which network adapters are subject to the configuration of this profile. Click <maml:ui>Customize</maml:ui> to display the <maml:navigationLink><maml:linkText>Customize Protected Network Connections for a Firewall Profile</maml:linkText><maml:uri href="mshelp://windows/?id=a4c3ccd0-9ec1-4da5-982d-6e65877b5db3"></maml:uri></maml:navigationLink> dialog box.</maml:para>
</maml:introduction></maml:section>
</maml:sections>

</maml:section>

<maml:section><maml:title>Settings</maml:title><maml:introduction>
<maml:para>Use these settings to configure notifications, unicast response to multicast or broadcast traffic, and Group Policy rule merging. Click <maml:ui>Customize</maml:ui> to display the <maml:navigationLink><maml:linkText>Customize Settings for a Firewall Profile</maml:linkText><maml:uri href="mshelp://windows/?id=55215ddc-b9aa-4bac-9ec2-d5da5cb3932c"></maml:uri></maml:navigationLink> dialog box.</maml:para></maml:introduction></maml:section>

<maml:section><maml:title>Logging</maml:title><maml:introduction>
<maml:para>Use these settings to configure how Windows Firewall with Advanced Security logs events, how big the log file can grow, and where the log file is located. Click <maml:ui>Customize</maml:ui> to display the <maml:navigationLink><maml:linkText>Customize Logging Settings for a Firewall Profile</maml:linkText><maml:uri href="mshelp://windows/?id=58a40682-63b1-493a-9d97-940532cbbcd8"></maml:uri></maml:navigationLink> dialog box.</maml:para></maml:introduction></maml:section>
</maml:sections>
</maml:section><maml:section><maml:title>IPsec Settings tab</maml:title><maml:introduction>
<maml:para>Use this tab to configure the IPsec default and system-wide settings.</maml:para>
</maml:introduction>
<maml:sections>

<maml:section><maml:title>IPsec defaults</maml:title><maml:introduction>
<maml:para>Use these settings to configure the key exchange, data protection, and authentication methods used by IPsec to help protect network traffic. Click <maml:ui>Customize</maml:ui> to display the <maml:navigationLink><maml:linkText>Customize IPsec Settings</maml:linkText><maml:uri href="mshelp://windows/?id=66011489-1eee-4986-9373-565e557db23b"></maml:uri></maml:navigationLink> dialog box.</maml:para>
</maml:introduction></maml:section>

<maml:section><maml:title>IPsec exemptions</maml:title><maml:introduction>
<maml:para>Use this option to determine whether network traffic containing Internet Control Message Protocol (ICMP) messages is protected by IPsec.</maml:para>
<maml:para>ICMP is commonly used by network troubleshooting tools and procedures. Many network administrators exempt ICMP packets from IPsec protection to ensure that these messages are not blocked.</maml:para>
<maml:alertSet class="important"><maml:title>Important </maml:title><maml:para>This setting exempts ICMP from the IPsec portion of Windows Firewall with Advanced Security only. To ensure that ICMP packets are allowed through Windows Firewall, you must create and enable an inbound rule.</maml:para>
</maml:alertSet>

<maml:alertSet class="note"><maml:title>Note </maml:title><maml:para>If you enable file and printer sharing in the Network and Sharing Center, Windows Firewall with Advanced Security automatically enables firewall rules that allow commonly used ICMP packet types. However, this will also enable network features that are not related to ICMP. If you want to enable ICMP only, then create and enable a rule in Windows Firewall to allow inbound ICMP network packets.</maml:para></maml:alertSet>
</maml:introduction></maml:section>

<maml:section><maml:title>IPsec tunnel authorization</maml:title><maml:introduction>
<maml:para>Use this option when you have a connection security rule that creates an IPsec tunnel mode connection from a remote computer to the local computer, and you want to specify the users and computers that are permitted or denied access to the local computer through the tunnel. Select <maml:ui>Advanced</maml:ui>, and then click <maml:ui>Customize</maml:ui> to display the <maml:navigationLink><maml:linkText>Customize IPsec Tunnel Authorizations</maml:linkText><maml:uri href="mshelp://windows/?id=f637c2d4-a8aa-4e7a-b437-86b8e3accc7f"></maml:uri></maml:navigationLink> dialog box.</maml:para>
<maml:para>The authorizations you specify here are in effect only for those tunnel rules on which the <maml:ui>Apply authorization</maml:ui> option has been selected on the <maml:navigationLink><maml:linkText>Customize IPsec Tunneling Settings</maml:linkText><maml:uri href="mshelp://windows/?id=cd103e5b-9da9-438d-a9b8-ed96384a17f2"></maml:uri></maml:navigationLink> dialog box.</maml:para>

</maml:introduction></maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Dialog Box: Add or Edit IP Addresses</maml:title><maml:introduction><maml:para>Use this dialog box to specify computers by IP address. You can use either Internet Protocol version 4 (IPv4) or Internet Protocol version 6 (IPv6) addresses. You can also specify an entire subnet.</maml:para>

<maml:procedure><maml:title>To get to this dialog box</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>When creating a firewall rule by using the New Firewall Rule wizard, on the <maml:ui>Scope</maml:ui> page, select <maml:ui>These IP addresses</maml:ui>, and then click <maml:ui>Add</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>When modifying an existing firewall rule, on the <maml:ui>Scope</maml:ui> tab, select <maml:ui>These IP addresses</maml:ui>, and then click <maml:ui>Add</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>When creating a connection security rule by using the Connection Security Rule wizard, on the <maml:ui>Endpoints</maml:ui> page, select <maml:ui>These IP addresses</maml:ui>, and then click <maml:ui>Add</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>When modifying an existing connection security rule, on the <maml:ui>Computers</maml:ui> tab, select <maml:ui>These IP addresses</maml:ui>, and then click <maml:ui>Add</maml:ui>.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>This IP address or subnet</maml:title><maml:introduction>
<maml:para>You can specify a single IP address or a subnet for either IPv4 or IPv6 addresses. To specify a subnet, enter the IP address using syntax similar to the following:</maml:para>
<maml:para><maml:codeInline>192.168.1.0/24</maml:codeInline></maml:para>
<maml:para>The number following the forward slash (/) represents the number of bits in the subnet mask. Up to 32 bits are possible. In this example, 24 means that the first three octets are the subnet address and the last octet is the host ID within the subnet. The bits representing the host ID must be 0. The example corresponds to a subnet mask of 255.255.255.0.</maml:para>
<maml:para>For an IPv6 address, use the same syntax. The number after the forward slash represents the number of bits in the subnet mask. Up to 128 bits are possible. The bits representing the host ID must be 0. For example:</maml:para>
<maml:para><maml:codeInline>2001:8e6c:6456:1c99::/64</maml:codeInline></maml:para>
</maml:introduction></maml:section><maml:section><maml:title>This IP address range</maml:title><maml:introduction>
<maml:para>Enter two IP addresses. The lower numbered address must precede the higher numbered address in the range. The range consists of all IP addresses between the beginning and ending IP addresses. The two range endpoints must use the same IP version, either IPv4 or IPv6.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Predefined set of computers</maml:title><maml:introduction>
<maml:para>You can specify one of the following sets of predefined computers:</maml:para>
<maml:list class="unordered">
<maml:listItem><maml:para><maml:ui>Default gateway</maml:ui>. Uses the IP address currently set as the default gateway of the local computer. </maml:para></maml:listItem>
<maml:listItem><maml:para><maml:ui>WINS servers</maml:ui>. Uses the IP addresses for the computers currently configured to provide WINS services to the local computer.</maml:para></maml:listItem>
<maml:listItem><maml:para><maml:ui>DHCP servers</maml:ui>. Uses the IP addresses for the computers currently configured to provide DHCP services to the local computer.</maml:para></maml:listItem>
<maml:listItem><maml:para><maml:ui>DNS servers</maml:ui>. Uses the IP addresses for the computers currently configured to provide DNS services to the local computer.</maml:para></maml:listItem>
<maml:listItem><maml:para><maml:ui>Local subnet</maml:ui>. Uses the IP address and subnet mask of the local computer to dynamically determine addresses that are part of the computer’s local subnet.</maml:para></maml:listItem>
</maml:list>
</maml:introduction></maml:section></maml:sections></maml:content><maml:relatedLinks type="seeAlso"><maml:title>See Also</maml:title><maml:navigationLink><maml:linkText>User Interface: Windows Firewall with Advanced Security</maml:linkText><maml:uri href="mshelp://windows/?id=c243c092-48c6-4073-9b19-b9c98c931582"></maml:uri></maml:navigationLink></maml:relatedLinks></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Connection Security Rule Property Page: General Tab</maml:title><maml:introduction>
<maml:para>This tab has general information about the rule, including its name, a description, and whether the rule is enabled.</maml:para>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Name</maml:title><maml:introduction>
<maml:para>Each rule must have a unique name. Do not use the name “all” because that name conflicts with the <maml:phrase>all</maml:phrase> keyword used by the Netsh command-line tool.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Description</maml:title><maml:introduction>
<maml:para>We recommend that you provide a comprehensive description for your connection security rule. Include logical names of affected computers because the rule properties contain IP addresses only.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Enabled</maml:title><maml:introduction>
<maml:para>Select this option to activate the rule. If you clear this option, then the rule is disabled, but not deleted.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Connection Security Rule Properties Page</maml:linkText><maml:uri href="mshelp://windows/?id=101488a1-9f62-4797-9330-4937c888e371"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Connection Security Rule Properties Page</maml:title><maml:introduction>
<maml:para>This section describes the tabs that appear on the Connection Security Rule Properties page in Windows Firewall with Advanced Security.</maml:para>
<maml:list class="unordered">
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>General</maml:linkText><maml:uri href="mshelp://windows/?id=0ec58789-26f0-47cd-9f43-aa6e7d52db10"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Computers</maml:linkText><maml:uri href="mshelp://windows/?id=97e94c49-45b2-4af9-bcd8-07fff5c1618f"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Protocols and Ports</maml:linkText><maml:uri href="mshelp://windows/?id=d9626188-57c8-49b1-ad44-66e75119a5f9"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Authentication</maml:linkText><maml:uri href="mshelp://windows/?id=13da39e0-2a32-4ac4-a952-4391ae88c739"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Advanced</maml:linkText><maml:uri href="mshelp://windows/?id=ec590a1c-d105-4cf9-bf83-6606624c33db"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Connection Security Rule Wizard: Exempt Computers Page</maml:title><maml:introduction>
<maml:para>Use this wizard page to exempt computers or computer groups from being required to authenticate, regardless of other connection security rules. This rule type is commonly used to grant access to infrastructure computers that this computer must communicate with before authentication can be performed. It is also used for other computers that cannot use the form of authentication you configure for this policy and profile.</maml:para>
<maml:para>Infrastructure computers, such as Active Directory domain controllers, certification authorities (CAs), or DHCP servers, might be allowed to communicate with this computer before authentication can be performed.</maml:para>
<maml:para>To create an authentication exemption rule, you only need to specify the exempt computers (individually, or as a group or range of IP addresses), give the rule a name, and, optionally, add a description.</maml:para>
<maml:procedure><maml:title>To get to this wizard page</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, right-click <maml:ui>Connection Security Rules</maml:ui>, and then click <maml:ui>New Rule</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>On the <maml:ui>Rule Type</maml:ui> page, select <maml:ui>Authentication Exemption</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In <maml:ui>Steps</maml:ui>, click <maml:ui>Exempt Computers</maml:ui>.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Exempt Computers</maml:title><maml:introduction>
<maml:para>On this wizard page, you add one or more computers or computer groups to the list to exempt them from authentication requirements. Click <maml:ui>Add</maml:ui> to specify computers by Internet Protocol version 4 (IPv4) or Internet Protocol version 6 (IPv6) address, subnet, IP address range, or by using one of the predefined IP addresses: default gateway, WINS servers, DHCP servers, DNS servers, or local subnet. The local subnet is the collection of all computers available to this computer, except for any public IP addresses (interfaces). This includes both local area network (LAN) and wireless addresses.</maml:para>
<maml:para>When you click <maml:ui>Add</maml:ui> or <maml:ui>Edit</maml:ui>, the <maml:ui>IP Address</maml:ui> dialog box is displayed.</maml:para>
<maml:alertSet class="note"><maml:title>Note </maml:title><maml:para>Although the computers listed on this page are exempt from authentication, they might still be blocked by Windows Firewall unless a firewall rule allows them to connect.</maml:para></maml:alertSet>
</maml:introduction></maml:section><maml:section><maml:title>How to change these settings</maml:title><maml:introduction>
<maml:para>After you create the connection security rule, you can change these settings in the <maml:ui>Connection Security Rule Properties</maml:ui> dialog box. This dialog box opens when you double-click a rule in <maml:ui>Connection Security Rules</maml:ui>. To change the computers that are exempt, click the <maml:ui>Computers</maml:ui> tab. The setting that indicates that this is an exemption rule appears on the <maml:ui>Authentication</maml:ui> tab. <maml:ui>Authentication mode</maml:ui> is set to <maml:ui>Do not authenticate</maml:ui>.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Connection Security Rule Wizard</maml:linkText><maml:uri href="mshelp://windows/?id=2318ec3c-e196-4a43-9d79-70ca7c52194a"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Connection Security Rule Properties Page: Authentication Tab</maml:title><maml:introduction>
<maml:para>Use this tab of the <maml:ui>Connection Security Rule Properties</maml:ui> dialog box to specify the authentication requirements and protocols that are used to protect network traffic that matches this rule.</maml:para>
<maml:procedure><maml:title>To get to this tab</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, click <maml:ui>Connection Security Rules</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Right-click the rule that you want to modify, and then click <maml:ui>Properties</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Click the <maml:ui>Authentication</maml:ui> tab.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Requirements</maml:title><maml:introduction>
<maml:para>Under <maml:ui>Authentication mode</maml:ui>, select one of the following options to indicate whether authentication of network traffic is required or requested.</maml:para>
<maml:table>
<maml:tableHeader><maml:row>
<maml:entry><maml:para>Option</maml:para></maml:entry>
<maml:entry><maml:para>Description</maml:para></maml:entry></maml:row></maml:tableHeader>

<maml:row><maml:entry><maml:para>Do not authenticate</maml:para></maml:entry>
<maml:entry><maml:para>Select this option to make the rule an authentication exemption rule. Network traffic that matches this rule is not authenticated by Internet Protocol security (IPsec) on this computer. The option is also valid on tunnel mode rules that are created by using the <maml:ui>Custom Configuration</maml:ui> or <maml:ui>Client-to-Gateway</maml:ui> options.</maml:para></maml:entry></maml:row>

<maml:row><maml:entry><maml:para>Request inbound and outbound</maml:para></maml:entry>
<maml:entry><maml:para>Connections are authenticated if possible, but the connections are allowed if authentication fails.</maml:para></maml:entry></maml:row>

<maml:row><maml:entry><maml:para>Require inbound and request outbound</maml:para></maml:entry>
<maml:entry><maml:para>All inbound network connections must be authenticated or they fail. Outbound connections are authenticated if possible, but are allowed if authentication fails. </maml:para></maml:entry></maml:row>

<maml:row><maml:entry><maml:para>Require inbound and outbound</maml:para></maml:entry>
<maml:entry><maml:para>Only connections that are authenticated are allowed.</maml:para></maml:entry></maml:row>

<maml:row><maml:entry><maml:para>Require inbound and clear outbound</maml:para></maml:entry>
<maml:entry><maml:para>All inbound network connections must be authenticated or they fail. Outbound connections are not authenticated. </maml:para>
<maml:alertSet class="security"><maml:title>Security Note </maml:title><maml:para>We recommend that you use this setting only when required on an IPsec gateway that must be able to initiate communications with computers that cannot use IPsec on the Internet.</maml:para></maml:alertSet></maml:entry></maml:row>
</maml:table>
</maml:introduction></maml:section><maml:section><maml:title>Method</maml:title><maml:introduction>
<maml:para>Use these settings to configure the type of authentication used by this connection security rule.</maml:para>
<maml:para>For more information about the authentication methods, see <maml:navigationLink><maml:linkText>IPsec Algorithms and Methods Supported in Windows</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?linkid=129230"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?linkid=129230).</maml:para>
<maml:para>If you choose <maml:ui>Advanced</maml:ui>, then you must click <maml:ui>Customize</maml:ui> and add the authentication methods by using the <maml:ui>Customize Advanced Authentication Methods</maml:ui> dialog box.</maml:para>

</maml:introduction></maml:section><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Connection Security Rule Properties Page</maml:linkText><maml:uri href="mshelp://windows/?id=101488a1-9f62-4797-9330-4937c888e371"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Firewall Rule Properties Page</maml:title><maml:introduction>
<maml:para>This section describes the tabs on the <maml:ui>Firewall Rule Properties</maml:ui> page in Windows Firewall with Advanced Security.</maml:para>
<maml:list class="unordered">
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>General</maml:linkText><maml:uri href="mshelp://windows/?id=5147487b-bb6a-40e4-b8ee-f263c52bee24"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Programs and Services</maml:linkText><maml:uri href="mshelp://windows/?id=ee8441ab-55b4-4ce3-b658-d4e28320a010"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Protocols and Ports</maml:linkText><maml:uri href="mshelp://windows/?id=14f25442-df7f-4c80-9ffc-b01781b2b246"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Scope</maml:linkText><maml:uri href="mshelp://windows/?id=950c636f-f858-4852-8a78-b3222cd57bff"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Advanced</maml:linkText><maml:uri href="mshelp://windows/?id=b8b120da-821c-45f1-86ee-d7303f6b500a"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Computers</maml:linkText><maml:uri href="mshelp://windows/?id=ccd5048b-bdba-47b7-8658-9f8bbbcec7fb"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Users</maml:linkText><maml:uri href="mshelp://windows/?id=53df2676-ea86-4670-8f48-b113383a0992"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Firewall Rule Properties Page: Protocols and Ports Tab</maml:title><maml:introduction>
<maml:para>Use this tab to specify which protocols and ports in a network packet match this firewall rule.</maml:para>

<maml:procedure><maml:title>To get to this tab</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, in either <maml:ui>Inbound Rules</maml:ui> or <maml:ui>Outbound Rules</maml:ui>, double-click the firewall rule you want to modify, and then click the <maml:ui>Protocols and Ports</maml:ui> tab.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Protocol type</maml:title><maml:introduction>
<maml:para>Select the protocol whose network traffic you want to filter with this firewall rule. If the protocol you want is not in the list, then select <maml:ui>Custom</maml:ui>, and type the protocol number in <maml:ui>Protocol number</maml:ui>. You can use any protocol number listed by the Internet Assigned Numbers Authority (IANA).</maml:para>
<maml:para>If you specify TCP or UDP in the list, then you can specify the TCP or UDP port numbers in <maml:ui>Endpoint 1 port</maml:ui> and <maml:ui>Endpoint 2 port</maml:ui>.</maml:para>
<maml:para>For a list of the protocols, their protocol numbers and a brief description, see <maml:navigationLink><maml:linkText>Firewall Rule Properties Page: Protocol and Ports Tab</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?linkid=137823"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?linkid=137823) in the TechNet Library.</maml:para>

</maml:introduction></maml:section><maml:section><maml:title>Local port</maml:title><maml:introduction>
<maml:para>If you are using the TCP or UDP protocol type, you can specify the local port by using one of the choices from the drop-down list or by specifying a port or a list of ports. The local port is the port on the computer on which the firewall profile is applied.</maml:para>
<maml:para>The following options are available for inbound rules:</maml:para>
<maml:list class="unordered">
<maml:listItem><maml:para><maml:phrase>All Ports</maml:phrase>. Available for both TCP and UDP on inbound and outbound rules. Selecting this option specifies that all of the ports for the selected protocol match the rule. </maml:para></maml:listItem>
<maml:listItem><maml:para><maml:phrase>Specific Ports</maml:phrase>. Available for both TCP and UDP on inbound and outbound rules. Selecting this option enables the text box where you can type the port numbers you need. Separate port numbers with commas and include ranges by separating the low and high values with a hyphen.</maml:para></maml:listItem>
<maml:listItem><maml:para><maml:phrase>RPC Endpoint Mapper</maml:phrase>. Available for TCP on inbound rules only. Selecting this option allows the local computer to receive incoming RPC requests on TCP port 135 to the RPC Endpoint Mapper (RPC-EM). A request to the RPC-EM identifies a network service and asks for the port number on which the specified network service is listening. RPC-EM responds with the port number to which the remote computer should send further network traffic for the service. This option also enables RPC-EM to receive RPC over HTTP requests.</maml:para></maml:listItem>
<maml:listItem><maml:para><maml:phrase>RPC Dynamic Ports</maml:phrase>. Available for TCP on inbound rules only. Selecting this option allows the local computer to receive inbound network packets to ports assigned by the RPC runtime. Ports in the RPC ephemeral range are blocked by Windows Firewall unless assigned by the RPC runtime to a specific RPC network service. Only the program to which the RPC runtime assigned the port can receive inbound traffic on that port.</maml:para>
<maml:alertSet class="important"><maml:title>Important </maml:title><maml:alert>Creating rules to allow RPC network traffic by using the RPC Endpoint Mapper and RPC dynamic ports options allows all RPC network traffic. Windows Firewall cannot filter RPC traffic by the universally unique identifier (UUID) of the destination program. Because such a rule cannot be narrowed to a single RPC interface, limit its exposure with the rule's other criteria, such as the program or service and the scope of remote addresses.</maml:alert><maml:alert>When an application uses RPC to communicate from a client to a server, you must typically create two rules, one for RPC Endpoint Mapper and one for Dynamic RPC.</maml:alert></maml:alertSet>
</maml:listItem>
<maml:listItem><maml:para><maml:phrase>IPHTTPS</maml:phrase>. Available for TCP only. Available under <maml:ui>Local port</maml:ui> for inbound rules. Selecting this option allows the local computer to receive incoming IP over HTTPS (IPHTTPS) packets from a remote computer. IPHTTPS is a tunneling protocol that supports the embedding of Internet Protocol version 6 (IPv6) packets in IPv4 HTTPS network packets. This allows IPv6 traffic to traverse some IP proxies that do not support IPv6 or some of the other IPv6 transition technologies, such as Teredo and 6to4.</maml:para></maml:listItem>
<maml:listItem><maml:para><maml:phrase>Edge Traversal</maml:phrase>. Available for UDP on inbound rules only. Selecting this option allows the local computer to receive incoming Teredo network packets. Teredo is an IPv4-to-IPv6 transition protocol.</maml:para></maml:listItem>
</maml:list>

</maml:introduction></maml:section><maml:section><maml:title>Remote port</maml:title><maml:introduction>
<maml:para>If you are using the TCP or UDP protocol type, you can specify the local port and remote port by using one of the choices from the drop-down list or by specifying a port or a list of ports. The remote port is the port on the computer that is attempting to communicate with the computer on which the firewall profile is applied.</maml:para>
<maml:para>The following options are available; each entry notes the rule direction to which it applies:</maml:para>
<maml:list class="unordered">
<maml:listItem><maml:para><maml:phrase>All Ports</maml:phrase>. Available for both TCP and UDP on inbound and outbound rules. Selecting this option specifies that all of the ports for the selected protocol match the rule. </maml:para></maml:listItem>
<maml:listItem><maml:para><maml:phrase>Specific Ports</maml:phrase>. Available for both TCP and UDP on inbound and outbound rules. Selecting this option enables the text box where you can type the port numbers that you need. Separate port numbers with commas and include ranges by separating the low and high values with a hyphen.</maml:para></maml:listItem>
<maml:listItem><maml:para><maml:phrase>IPHTTPS</maml:phrase>. Available for TCP only. Available under <maml:ui>Remote port</maml:ui> for outbound rules. Selecting this option allows the local computer to send outbound IPHTTPS packets to a remote computer. IPHTTPS is a tunneling protocol that supports embedding IPv6 packets in IPv4 HTTPS network packets. This allows IPv6 traffic to traverse some IP proxies that do not support IPv6 or some of the other IPv6 transition technologies, such as Teredo and 6to4.</maml:para></maml:listItem>
</maml:list>

</maml:introduction></maml:section><maml:section><maml:title>ICMP Settings</maml:title><maml:introduction>
<maml:para>Click <maml:ui>Customize</maml:ui> to configure settings for Internet Control Message Protocol (ICMP). The <maml:ui>Customize</maml:ui> button is enabled only when you choose the <maml:ui>ICMPv4</maml:ui> or <maml:ui>ICMPv6</maml:ui> protocol types. For more information, see <maml:navigationLink><maml:linkText>Dialog Box: Customize ICMP Settings</maml:linkText><maml:uri href="mshelp://windows/?id=8a0b490a-db5e-420f-8990-d0e30a17bc1a"></maml:uri></maml:navigationLink>.</maml:para></maml:introduction></maml:section><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Firewall Rule Properties Page</maml:linkText><maml:uri href="mshelp://windows/?id=142a13a0-f0c4-4122-95d9-ecfb6f6391c4"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Firewall Rule Wizard: Action Page</maml:title><maml:introduction><maml:para>Use this wizard page when creating a firewall rule to specify the action Windows Firewall with Advanced Security will take for incoming or outgoing packets that match the rule criteria.</maml:para>

<maml:procedure><maml:title>To get to this wizard page</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, right-click either <maml:ui>Inbound Rules</maml:ui> or <maml:ui>Outbound Rules</maml:ui>, and then click <maml:ui>New Rule</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>This page is available on all rule types. Click <maml:ui>Next</maml:ui> through the wizard until you reach the <maml:ui>Action</maml:ui> page.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Allow the connection</maml:title><maml:introduction>
<maml:para>Use this option to allow network packets that match all criteria in the firewall rule.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Allow the connection if it is secure</maml:title><maml:introduction>
<maml:para>Use this option to specify that only connections that are protected by Internet Protocol security (IPsec) are allowed. IPsec settings are defined in separate connection security rules. By default, this setting requires both authentication and integrity protection. To configure the requirements, click <maml:ui>Customize</maml:ui>.</maml:para>
<maml:para>When you choose this option, the <maml:ui>Users</maml:ui> and <maml:ui>Computers</maml:ui> pages are automatically added to the wizard. You can use these pages to specify the users or computers to whom you want to grant or deny access, or leave the page blank to allow access to all users and computers. If you choose to specify users or computers, you must use an authentication method that includes user or computer information, as appropriate, because Windows Firewall with Advanced Security will use the authentication method from the connection security rule to match the users and computers you specify. For example, for computers, you can use <maml:ui>Computer (Kerberos V5)</maml:ui> or <maml:ui>Computer Certificate</maml:ui> with certificate-to-account mapping enabled. If you do not specify users or computers, you can use any authentication method.</maml:para>
<maml:para>For more information about how to customize the IPsec requirements for this option, see the <maml:navigationLink><maml:linkText>Customize Allow If Secure Settings</maml:linkText><maml:uri href="mshelp://windows/?id=1a81d9c6-f39f-4835-a00b-11d994247ca9"></maml:uri></maml:navigationLink> dialog box. For more information about restricting access to users or computers, see the <maml:navigationLink><maml:linkText>Users</maml:linkText><maml:uri href="mshelp://windows/?id=c85aba54-dcb3-45be-b1bd-271d579da6fc"></maml:uri></maml:navigationLink> and <maml:navigationLink><maml:linkText>Computers</maml:linkText><maml:uri href="mshelp://windows/?id=5aaa1ce1-0a0e-4686-a4cf-d63cb0a351da"></maml:uri></maml:navigationLink> pages in the wizard.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Block the connection</maml:title><maml:introduction>
<maml:para>Use this option to explicitly block any network packet that matches the firewall rule criteria. The block action takes precedence over the allow action, unless the <maml:ui>Override block rules</maml:ui> option is selected when the firewall rule is created.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>How to change these settings</maml:title><maml:introduction>
<maml:para>After you create the firewall rule, you can adjust these settings in the <maml:ui>Firewall Rule Properties</maml:ui> dialog box. This dialog box appears when you double-click a rule in <maml:ui>Inbound Rules</maml:ui> or <maml:ui>Outbound Rules</maml:ui>. To change these settings, select <maml:ui>Action</maml:ui> on the <maml:ui>General</maml:ui> tab.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Firewall Rule Wizard</maml:linkText><maml:uri href="mshelp://windows/?id=5886c961-2f7a-46f9-928b-2b906f2c354a"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Connection Security Rule Wizard: Rule Type Page</maml:title><maml:introduction>
<maml:para>You can use the New Connection Security Rule wizard to create Internet Protocol security (IPsec) rules to meet different network security goals. Use this page to select the type of rule that you want to create.</maml:para>
<maml:para>The wizard provides four predefined rule types. You can also create a custom rule. </maml:para>
<maml:alertSet class="note"><maml:title>Note </maml:title><maml:para>As a best practice, give each connection security rule a unique name so that you can later use the Netsh command-line tool to manage your rules. Do not name a security rule “all” because that name conflicts with the <maml:computerOutputInline>all</maml:computerOutputInline> keyword in the <maml:computerOutputInline>netsh</maml:computerOutputInline> command.</maml:para></maml:alertSet>
<maml:procedure><maml:title>To get to this wizard page</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, right-click <maml:ui>Connection Security Rules</maml:ui>, and then click <maml:ui>New Rule</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>The <maml:ui>Rule Type</maml:ui> page is displayed.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Isolation</maml:title><maml:introduction>
<maml:para>An isolation rule restricts connections based on authentication criteria that you define. For example, you can use this rule type to isolate computers that are joined to your domain from computers that are outside your domain, such as computers on the Internet. If you select this rule type, then the following pages in addition to the <maml:ui>Name</maml:ui> page are enabled in the wizard:</maml:para>
<maml:list class="unordered">
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Requirements</maml:linkText><maml:uri href="mshelp://windows/?id=6a710a38-a254-4a80-9a53-6ea2e0816d24"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Authentication Method</maml:linkText><maml:uri href="mshelp://windows/?id=d43f0fad-14d0-4def-8440-631d6e8fe905"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Profile</maml:linkText><maml:uri href="mshelp://windows/?id=9fcdfb8b-6e47-4c72-b6f3-cb6e5fdb529f"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
</maml:list>
</maml:introduction></maml:section><maml:section><maml:title>Authentication exemption</maml:title><maml:introduction>
<maml:para>Use this option to create a rule that exempts specified computers from being required to authenticate, regardless of other connection security rules. This rule type is typically used to grant access to infrastructure computers, such as Active Directory domain controllers, certification authorities (CAs), or DHCP servers, that this computer must communicate with before authentication can be performed. It is also used for computers that cannot use the form of authentication you configured for this policy and profile.</maml:para>
<maml:para>If you select this rule type, then the following pages in addition to the <maml:ui>Name</maml:ui> page are enabled in the wizard:</maml:para>
<maml:list class="unordered">
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Exempt Computers</maml:linkText><maml:uri href="mshelp://windows/?id=12452b6f-dce5-4515-bfdd-455f08c77e5a"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Profile</maml:linkText><maml:uri href="mshelp://windows/?id=9fcdfb8b-6e47-4c72-b6f3-cb6e5fdb529f"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
</maml:list>
<maml:alertSet class="note"><maml:title>Note </maml:title><maml:para>Although the computers are exempt from authentication, network traffic from them might still be blocked by Windows Firewall unless a firewall rule allows them to connect.</maml:para></maml:alertSet>
</maml:introduction></maml:section><maml:section><maml:title>Server-to-server</maml:title><maml:introduction>
<maml:para>Use this rule type to authenticate the communications between two specified computers, between two groups of computers, between two subnets, or between a specified computer and a group of computers or a subnet. You might use this rule to authenticate the traffic between a database server and a business-layer computer, or between an infrastructure computer and another server. This rule is similar to the isolation rule type, but the <maml:ui>Endpoints</maml:ui> page will be displayed so that you can identify the computers that are affected by this rule.</maml:para>
<maml:para>If you select this rule type, then the following pages in addition to the <maml:ui>Name</maml:ui> page are enabled in the wizard:</maml:para>
<maml:list class="unordered">
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Endpoints</maml:linkText><maml:uri href="mshelp://windows/?id=8039b8d4-e87b-4aac-9c09-6a34cc73f1b6"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Requirements</maml:linkText><maml:uri href="mshelp://windows/?id=6a710a38-a254-4a80-9a53-6ea2e0816d24"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Authentication Method</maml:linkText><maml:uri href="mshelp://windows/?id=d43f0fad-14d0-4def-8440-631d6e8fe905"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Profile</maml:linkText><maml:uri href="mshelp://windows/?id=9fcdfb8b-6e47-4c72-b6f3-cb6e5fdb529f"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
</maml:list>
</maml:introduction></maml:section><maml:section><maml:title>Tunnel</maml:title><maml:introduction>
<maml:para>Use this rule type to secure communications between two computers by using tunnel mode, instead of transport mode, in IPsec. Tunnel mode embeds the entire network packet in a network packet that is routed between two defined endpoints. For each endpoint, you can specify a single computer that receives and consumes the network traffic sent through the tunnel, or you can specify a gateway computer that connects to a private network onto which the received traffic is routed after the receiving tunnel endpoint extracts it from the tunnel.</maml:para>
<maml:para>If you select this rule type, then the following pages in addition to the <maml:ui>Name</maml:ui> page are enabled in the wizard:</maml:para>
<maml:list class="unordered">
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Tunnel Type</maml:linkText><maml:uri href="mshelp://windows/?id=710fa446-c600-4691-ae28-37a9824fb95d"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Requirements</maml:linkText><maml:uri href="mshelp://windows/?id=6a710a38-a254-4a80-9a53-6ea2e0816d24"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Tunnel Endpoints</maml:linkText><maml:uri href="mshelp://windows/?id=85c69539-f0c0-474c-9860-d220293ab2d6"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Authentication Method</maml:linkText><maml:uri href="mshelp://windows/?id=d43f0fad-14d0-4def-8440-631d6e8fe905"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Profile</maml:linkText><maml:uri href="mshelp://windows/?id=9fcdfb8b-6e47-4c72-b6f3-cb6e5fdb529f"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
</maml:list>
</maml:introduction></maml:section><maml:section><maml:title>Custom</maml:title><maml:introduction>
<maml:para>Use this rule type to create a rule that requires special settings. This option enables all of the wizard pages except those that are used only to create tunnel rules.</maml:para>
<maml:list class="unordered">
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Endpoints</maml:linkText><maml:uri href="mshelp://windows/?id=8039b8d4-e87b-4aac-9c09-6a34cc73f1b6"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Requirements</maml:linkText><maml:uri href="mshelp://windows/?id=6a710a38-a254-4a80-9a53-6ea2e0816d24"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Authentication Method</maml:linkText><maml:uri href="mshelp://windows/?id=d43f0fad-14d0-4def-8440-631d6e8fe905"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Protocols and Ports</maml:linkText><maml:uri href="mshelp://windows/?id=e98f04c7-99c8-4816-a640-da8e73a14db3"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Profile</maml:linkText><maml:uri href="mshelp://windows/?id=9fcdfb8b-6e47-4c72-b6f3-cb6e5fdb529f"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
</maml:list>
</maml:introduction></maml:section><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Connection Security Rule Wizard</maml:linkText><maml:uri href="mshelp://windows/?id=2318ec3c-e196-4a43-9d79-70ca7c52194a"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Overview of Windows Firewall with Advanced Security</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section address="bkmk_WhatisWindowsFirewallwithAdvancedSecurity"><maml:title>What is Windows Firewall with Advanced Security?</maml:title><maml:introduction>
<maml:para>Windows Firewall with Advanced Security combines a host firewall and Internet Protocol security (IPsec). Unlike a perimeter firewall, Windows Firewall with Advanced Security runs on each computer running this version of Windows and provides local protection from network attacks that might pass through your perimeter network or originate inside your organization. It also provides computer-to-computer connection security by allowing you to require authentication and data protection for communications.</maml:para>
<maml:alertSet class="important"><maml:title>Important </maml:title><maml:para>Windows Firewall with Advanced Security is designed for use by IT administrators who need to manage network security in an enterprise environment. It is not intended for use in home networks. Home users should consider using the Windows Firewall program available in Control Panel instead.</maml:para></maml:alertSet>
<maml:para>Windows Firewall with Advanced Security is a stateful firewall that inspects and filters all packets for IP version 4 (IPv4) and IP version 6 (IPv6) traffic. In this context, filter means to allow or block network traffic by processing it through administrator-defined rules. By default, incoming traffic is blocked unless it is a response to a request by the host (solicited traffic) or it is specifically allowed (that is, a firewall rule has been created to allow the traffic). You can configure Windows Firewall with Advanced Security to explicitly allow traffic by specifying a port number, application name, service name, or other criteria.</maml:para>

<maml:para>Windows Firewall with Advanced Security also allows you to request or require that computers authenticate each other before communicating, and to require the use of data integrity or data encryption when communicating.</maml:para>

<maml:para>For more information, see <maml:navigationLink><maml:linkText>Overview of Windows Firewall with Advanced Security</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?linkid=137800"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?linkid=137800) in the TechNet Library.</maml:para>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Dialog Box: Customize Allow If Secure Settings</maml:title><maml:introduction>
<maml:para>When you select <maml:ui>Allow the connection if it is secure</maml:ui> in a firewall rule, you are specifying that the network packets must be protected by Internet Protocol security (IPsec) or the packet does not match the rule. If you click <maml:ui>Customize</maml:ui> next to that option, you can configure the following options, which specify the type of IPsec protection that is required.</maml:para>
<maml:para>You must select one of the first three options described below. The last option, <maml:ui>Override block rules</maml:ui>, can be selected independently of the other options.</maml:para>
<maml:procedure><maml:title>To get to this dialog box</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>When creating a firewall rule by using the New Firewall Rule wizard, on the <maml:ui>Action</maml:ui> page, click <maml:ui>Allow the connection if it is secure</maml:ui>, and then click <maml:ui>Customize</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>When modifying an existing firewall rule, on the <maml:ui>General</maml:ui> tab, select <maml:ui>Allow the connection if it is secure</maml:ui>, and then click <maml:ui>Customize</maml:ui>.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Allow the connection if it is authenticated and integrity-protected</maml:title><maml:introduction>
<maml:para>This is the default option. Use this option to require that all matching network packets use both IPsec authentication and integrity algorithms as defined in a separate connection security rule. If a network packet matching all other criteria is neither authenticated nor protected with an integrity algorithm, then it does not match this rule and is blocked.</maml:para>
<maml:alertSet class="note"><maml:title>Note </maml:title><maml:para>This setting is supported when applied to computers running Windows Vista or later versions of Windows.</maml:para></maml:alertSet>
</maml:introduction></maml:section><maml:section><maml:title>Require the connection to be encrypted</maml:title><maml:introduction>
<maml:para>Use this option to require that all matching network packets use data encryption as defined in a separate connection security rule. If a network packet matching all other criteria is not encrypted, then it does not match this rule and is blocked. When this option is enabled, Windows Firewall with Advanced Security uses the settings on the <maml:ui>Customize Data Protection Settings</maml:ui> dialog box.</maml:para>
</maml:introduction><maml:sections>

<maml:section><maml:title>Allow the computers to dynamically negotiate encryption</maml:title><maml:introduction>
<maml:para>This option is available for inbound rules only. Use this option to allow the network connection, after authentication succeeds, to send and receive unencrypted network traffic while the encryption algorithms are negotiated.</maml:para>
<maml:alertSet class="security"><maml:title>Security Note </maml:title><maml:para>While encryption is being negotiated, the network traffic is sent as clear text. Do not specify this option if the network traffic sent over the connection during this period is too sensitive for plain text transmission.</maml:para></maml:alertSet>
</maml:introduction></maml:section>
</maml:sections></maml:section><maml:section><maml:title>Allow the connection to use null encapsulation</maml:title><maml:introduction>
<maml:para>Use this option to require that all matching network packets use IPsec authentication, without requiring integrity or encryption protection. We recommend that you use this option only when you have network equipment or software that is not compatible with either the Encapsulating Security Payload (ESP) or Authentication Header (AH) integrity protocols.</maml:para>

<maml:alertSet class="note"><maml:title>Note </maml:title><maml:para>This setting is supported when applied to computers running Windows 7 or Windows Server 2008 R2. It does not apply to computers running earlier versions of Windows.</maml:para></maml:alertSet>
</maml:introduction></maml:section><maml:section><maml:title>Override block rules</maml:title><maml:introduction>
<maml:para>Use this option to allow network packets that match this firewall rule to override any block firewall rules. This option is referred to as <maml:newTerm>authenticated bypass</maml:newTerm>. Normally, rules that explicitly block connections have priority over rules that allow connections. If you use this option, the connection is allowed even if another rule would block the connection. You are effectively stating that network traffic that matches this rule is allowed because it is authenticated as coming from an authorized and trusted user or computer. </maml:para>
<maml:para>This option is typically used to allow trusted programs, such as network vulnerability scanners and other networking tools, to run without restrictions. Although a typical firewall configuration does and should block network traffic from such devices, you can create a rule that identifies authorized computers. The <maml:ui>Override block rules</maml:ui> option allows traffic from these authorized computers only. If you do not use this option, any block firewall rules that match the same firewall rule criteria will take precedence, and the connections will be blocked. </maml:para>
<maml:para>If you select this option, you must specify at least one computer or computer group for authorization on the <maml:ui>Computers</maml:ui> page of the New Firewall Rule wizard or the <maml:ui>Computers</maml:ui> tab of the <maml:ui>Firewall Rule Properties</maml:ui> dialog box.</maml:para>
<maml:alertSet class="note"><maml:title>Note </maml:title><maml:para>If you configure the firewall operational state to <maml:ui>Block all connections</maml:ui> on the <maml:ui>Windows Firewall with Advanced Security Properties</maml:ui> dialog box, then all network traffic is blocked even if this option is set.</maml:para></maml:alertSet>
</maml:introduction></maml:section></maml:sections></maml:content><maml:relatedLinks type="seeAlso"><maml:title>See Also</maml:title><maml:navigationLink><maml:linkText>User Interface: Windows Firewall with Advanced Security</maml:linkText><maml:uri href="mshelp://windows/?id=c243c092-48c6-4073-9b19-b9c98c931582"></maml:uri></maml:navigationLink></maml:relatedLinks></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Monitored Firewall Rules Properties Page</maml:title><maml:introduction>
<maml:para>This section describes the tabs on the <maml:ui>Firewall Rule Properties</maml:ui> page for rules displayed in <maml:ui>Monitoring</maml:ui> in Windows Firewall with Advanced Security. </maml:para>

<maml:procedure><maml:title>To get to this page</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, expand <maml:ui>Monitoring</maml:ui>, and then expand <maml:ui>Firewall</maml:ui>. </maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Double-click the firewall rule that you want to examine.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
<maml:alertSet class="note"><maml:title>Note </maml:title><maml:para>Only active firewall rules, those assigned to currently active network profiles, are displayed in <maml:ui>Monitoring</maml:ui>. </maml:para></maml:alertSet>
<maml:para>For a description of each tab on the property page, see the following topics:</maml:para>
<maml:list class="unordered">
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>General</maml:linkText><maml:uri href="mshelp://windows/?id=52a543f3-3baa-42d9-8614-25293d0e3f62"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Programs and Ports</maml:linkText><maml:uri href="mshelp://windows/?id=99ae4ae7-1d65-4020-b26c-bfaf2df8ba6b"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Advanced</maml:linkText><maml:uri href="mshelp://windows/?id=d857a0e4-9ae0-4ee0-84a1-13100e8e5948"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Dialog Box: Add or Edit Integrity Algorithms</maml:title><maml:introduction>
<maml:para>Use this dialog box to configure a data integrity algorithm offer that is available when negotiating quick mode security associations. You must specify both the protocol and the algorithm used to protect the integrity of the data in the network packet.</maml:para>
<maml:para>Internet Protocol security (IPsec) provides integrity by calculating a hash generated from the data in the network packet. The hash is then cryptographically signed (encrypted) by using key material that only the two IPsec peers share, and embedded in the IP packet. The receiving computer uses the same algorithm to calculate the hash and compares its result to the hash that is embedded in the received packet. If it matches, then the information received is exactly the same as the information sent, and the packet is accepted. If it does not match, then the packet is dropped.</maml:para>
<maml:para>Using an encrypted hash of the transmitted message makes it computationally infeasible to change the message without causing a mismatch of the hash. This is critical when data is exchanged over an unsecured network, such as the Internet, because it provides a way to know that the message was not changed during transit.</maml:para>
<maml:procedure><maml:title>How to get to this dialog box</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>On the Windows Firewall with Advanced Security MMC snap-in page, in <maml:ui>Overview</maml:ui>, click <maml:ui>Windows Firewall Properties</maml:ui>. </maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Click the <maml:ui>IPsec Settings</maml:ui> tab. </maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Under <maml:ui>IPsec defaults</maml:ui>, click <maml:ui>Customize</maml:ui>. </maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Under <maml:ui>Data protection (Quick Mode)</maml:ui>, select <maml:ui>Advanced</maml:ui>, and then click <maml:ui>Customize</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Under <maml:ui>Data integrity</maml:ui>, select an algorithm combination from the list, and click <maml:ui>Edit</maml:ui> or <maml:ui>Add</maml:ui>.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Protocol</maml:title><maml:introduction>
<maml:para>The following protocols are used to embed the integrity information into an IP packet.</maml:para>
</maml:introduction>
<maml:sections><maml:section><maml:title>ESP (recommended)</maml:title><maml:introduction>
<maml:para>ESP provides authentication, integrity, and anti-replay protection for the IP payload. ESP used in transport mode does not sign the entire packet. Only the IP payload, not the IP header, is protected. ESP can be used alone or in combination with AH. With ESP, the hash calculation includes the ESP header, trailer, and payload only. ESP can optionally provide data confidentiality services by encrypting the ESP payload with one of several supported encryption algorithms. Packet replay services are provided through the inclusion of a sequence number for each packet.</maml:para>
</maml:introduction></maml:section>

<maml:section><maml:title>AH</maml:title><maml:introduction>
<maml:para>AH provides authentication, integrity, and anti-replay for the entire packet (both the IP header and the data payload carried in the packet). It does not provide confidentiality, which means that it does not encrypt the data. The data is readable, but protected from modification. Some fields that are allowed to change in transit are excluded from the hash calculation. Packet replay services are provided through the inclusion of a sequence number for each packet.</maml:para>
<maml:alertSet class="important"><maml:title>Important </maml:title><maml:para>The AH protocol is not compatible with network address translation (NAT) because NAT devices change information in some of the packet headers that are included in the integrity hash. To allow IPsec-based traffic to pass through a NAT device, you must use ESP and ensure that NAT Traversal (NAT-T) is enabled on the IPsec peer computers.</maml:para></maml:alertSet>
</maml:introduction></maml:section>

<maml:section><maml:title>Null encapsulation</maml:title><maml:introduction>
<maml:para>Null encapsulation specifies that you do not want to use any integrity or encryption protection on your network traffic. Authentication is still performed as required by the connection security rules, but no other protection is provided to the network packets that are exchanged through this security association.</maml:para>
<maml:alertSet class="security"><maml:title>Security Note </maml:title><maml:para>Because this option provides no integrity or confidentiality protection of any kind, we recommend that you use it only if you must support software or network devices that are not compatible with ESP or AH.</maml:para></maml:alertSet>
</maml:introduction></maml:section>
</maml:sections></maml:section><maml:section><maml:title>Algorithms</maml:title><maml:introduction>
<maml:para>The following integrity algorithms are available to computers running this version of Windows. Some of these algorithms are not available on computers running other versions of Windows. If you must establish IPsec-protected connections with a computer running an earlier version of Windows, then you must include algorithm options that are compatible with the earlier version.</maml:para>
<maml:para>For more information, see <maml:navigationLink><maml:linkText>IPsec Algorithms and Methods Supported in Windows</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkID=129230"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkID=129230).</maml:para>
<maml:list class="unordered">
<maml:listItem><maml:para>AES-GMAC 256</maml:para></maml:listItem>
<maml:listItem><maml:para>AES-GMAC 192</maml:para></maml:listItem>
<maml:listItem><maml:para>AES-GMAC 128</maml:para></maml:listItem>
<maml:listItem><maml:para>SHA-1</maml:para></maml:listItem>
<maml:listItem><maml:para>MD5</maml:para>
<maml:alertSet class="caution"><maml:title>Caution </maml:title><maml:para>MD5 is no longer considered secure and should only be used for testing purposes or in cases in which the remote computer cannot use a more secure algorithm. It is provided for backward compatibility only.</maml:para></maml:alertSet></maml:listItem>
</maml:list>
</maml:introduction></maml:section><maml:section><maml:title>Key lifetimes</maml:title><maml:introduction>
<maml:para>Lifetime settings determine when a new key is generated. Key lifetimes allow you to force the generation of a new key after a specified time interval or after a specified amount of data has been transmitted. For example, if the communication takes 100 minutes and you specify a key lifetime of 10 minutes, 10 keys will be generated (one every 10 minutes) during the exchange. Using multiple keys ensures that if an attacker manages to gain the key to one part of a communication, the entire communication is not compromised.</maml:para>
<maml:alertSet class="note"><maml:title>Note </maml:title><maml:para>This key regeneration is for quick mode data integrity only. These settings do not affect the key lifetime settings for main mode key exchange. </maml:para></maml:alertSet>
</maml:introduction>

<maml:sections>
<maml:section><maml:title>Minutes</maml:title><maml:introduction>
<maml:para>Use this setting to configure how long the key used in the quick mode security association lasts, in minutes. After this interval, a new key will be generated. Subsequent communications will use the new key.</maml:para>
<maml:para>The maximum lifetime is 2,879 minutes (48 hours). The minimum lifetime is 5 minutes. We recommend that you rekey only as frequently as your risk analysis requires. Excessively frequent rekeying can impact performance.</maml:para>
</maml:introduction></maml:section>

<maml:section><maml:title>KB</maml:title><maml:introduction>
<maml:para>Use this setting to configure how many kilobytes (KB) of data are sent using the key. After this threshold is reached, the counter is reset, and the key is regenerated. Subsequent communications will use the new key.</maml:para>
<maml:para>The maximum lifetime is 2,147,483,647 KB. The minimum lifetime is 20,480 KB. We recommend that you rekey only as frequently as your risk analysis requires. Excessively frequent rekeying can impact performance.</maml:para>
</maml:introduction></maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content><maml:relatedLinks type="seeAlso"><maml:title>See Also</maml:title><maml:navigationLink><maml:linkText>User Interface: Windows Firewall with Advanced Security</maml:linkText><maml:uri href="mshelp://windows/?id=c243c092-48c6-4073-9b19-b9c98c931582"></maml:uri></maml:navigationLink></maml:relatedLinks></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Connection Security Rule Wizard</maml:title><maml:introduction>
<maml:para>This section describes the Connection Security Rule Wizard pages in Windows Firewall with Advanced Security.</maml:para>
<maml:list class="unordered">
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Rule Type</maml:linkText><maml:uri href="mshelp://windows/?id=18ddcbbd-4939-492c-a716-f1fccc468c18"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Endpoints</maml:linkText><maml:uri href="mshelp://windows/?id=8039b8d4-e87b-4aac-9c09-6a34cc73f1b6"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Requirements</maml:linkText><maml:uri href="mshelp://windows/?id=6a710a38-a254-4a80-9a53-6ea2e0816d24"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Authentication Method</maml:linkText><maml:uri href="mshelp://windows/?id=d43f0fad-14d0-4def-8440-631d6e8fe905"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Protocols and Ports</maml:linkText><maml:uri href="mshelp://windows/?id=e98f04c7-99c8-4816-a640-da8e73a14db3"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Exempt Computers</maml:linkText><maml:uri href="mshelp://windows/?id=12452b6f-dce5-4515-bfdd-455f08c77e5a"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Tunnel Type</maml:linkText><maml:uri href="mshelp://windows/?id=710fa446-c600-4691-ae28-37a9824fb95d"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Tunnel Endpoints – Custom Configuration</maml:linkText><maml:uri href="mshelp://windows/?id=85c69539-f0c0-474c-9860-d220293ab2d6"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Tunnel Endpoints – Client-to-Gateway</maml:linkText><maml:uri href="mshelp://windows/?id=63138fa3-9f09-4684-89cb-c44306ee3763"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Tunnel Endpoints – Gateway-to-Client</maml:linkText><maml:uri href="mshelp://windows/?id=70d0c763-d3a3-486d-9f91-e213831f2485"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Profile</maml:linkText><maml:uri href="mshelp://windows/?id=9fcdfb8b-6e47-4c72-b6f3-cb6e5fdb529f"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Firewall Rule Wizard: Protocol and Ports Page - Custom Rule Type</maml:title><maml:introduction>
<maml:para>Use this wizard page to specify which protocols and ports in a network packet match this firewall rule.</maml:para>
<maml:procedure><maml:title>To get to this wizard page</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, right-click either <maml:ui>Inbound Rules</maml:ui> or <maml:ui>Outbound Rules</maml:ui>, and then click <maml:ui>New Rule</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>On the <maml:ui>Rule Type</maml:ui> page, select either <maml:ui>Port</maml:ui> or <maml:ui>Custom</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Click <maml:ui>Next</maml:ui> through the wizard until you reach the <maml:ui>Protocol and Ports</maml:ui> page.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Protocol type</maml:title><maml:introduction>
<maml:para>Select the protocol whose network traffic you want to filter with this firewall rule. If the protocol you want is not in the list, select <maml:ui>Custom</maml:ui>, and then type the protocol number in <maml:ui>Protocol number</maml:ui>.</maml:para>
<maml:para>If you specify TCP or UDP, then you can specify the TCP or UDP port numbers in <maml:ui>Endpoint 1 port</maml:ui> and <maml:ui>Endpoint 2 port</maml:ui>.</maml:para>
<maml:para>For a list of the protocols, their protocol numbers, and a brief description, see <maml:navigationLink><maml:linkText>Firewall Rule Properties Page: Protocol and Ports Tab</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?linkid=137823"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?linkid=137823) in the TechNet Library.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Protocol number</maml:title><maml:introduction>
<maml:para>When you select a protocol type, the corresponding protocol identification number is automatically displayed in <maml:ui>Protocol number</maml:ui> and is read-only. If you select <maml:ui>Custom</maml:ui> for <maml:ui>Protocol type</maml:ui>, then type the protocol identification number in <maml:ui>Protocol number</maml:ui>.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Local port</maml:title><maml:introduction>
<maml:para>If you are using the TCP or UDP protocol type, you can specify the local port by using one of the choices from the drop-down list, or by specifying a port or a list of ports. The local port is the port on the computer on which the firewall profile is applied.</maml:para>
<maml:para>The following options are available for inbound rules:</maml:para>
<maml:list class="unordered">
<maml:listItem><maml:para><maml:phrase>All Ports</maml:phrase>. Available for both TCP and UDP on inbound and outbound rules. Selecting this option specifies that all of the ports for the selected protocol match the rule.</maml:para></maml:listItem>
<maml:listItem><maml:para><maml:phrase>Specific Ports</maml:phrase>. Available for both TCP and UDP on inbound and outbound rules. Selecting this option enables the text box where you can type the port numbers that you need. Separate port numbers with commas, and include ranges by separating the low and high values with a hyphen.</maml:para></maml:listItem>
<maml:listItem><maml:para><maml:phrase>RPC Endpoint Mapper</maml:phrase>. Available for TCP on inbound rules only. Selecting this option allows the local computer to receive incoming remote procedure call (RPC) requests on TCP port 135 to the RPC Endpoint Mapper (RPC-EM). A request to the RPC-EM identifies a network service and asks for the port number on which the specified network service is listening. RPC-EM responds with the port number to which the remote computer should send future network traffic for the service. This option also enables RPC-EM to receive RPC over HTTP requests.</maml:para></maml:listItem>
<maml:listItem><maml:para><maml:phrase>RPC Dynamic Ports</maml:phrase>. Available for TCP on inbound rules only. Selecting this option allows the local computer to receive inbound network packets to ports assigned by the RPC runtime. Ports in the RPC ephemeral range are blocked by Windows Firewall unless assigned by the RPC runtime to a specific RPC network service. Only the program to which the RPC runtime assigned the port can receive inbound traffic on that port.</maml:para>
<maml:alertSet class="important"><maml:title>Important </maml:title><maml:alert>Creating rules to allow RPC network traffic by using the <maml:ui>RPC Endpoint Mapper</maml:ui> and <maml:ui>RPC Dynamic Ports</maml:ui> options allows all RPC network traffic. Windows Firewall cannot filter RPC traffic by the universally unique identifier (UUID) of the destination program.</maml:alert><maml:alert>When an application uses RPC to communicate from a client to a server, you must typically create two rules, one for RPC Endpoint Mapper and one for RPC Dynamic Ports.</maml:alert></maml:alertSet>
</maml:listItem>
<maml:listItem><maml:para><maml:phrase>IPHTTPS</maml:phrase>. Available for TCP only. Available under <maml:ui>Local port</maml:ui> for inbound rules only. Selecting this option allows the local computer to receive incoming IP over HTTPS (IPHTTPS) packets from a remote computer. IPHTTPS is a tunneling protocol that supports embedding Internet Protocol version 6 (IPv6) packets in Internet Protocol version 4 (IPv4) HTTPS network packets. This allows IPv6 traffic to traverse some IP proxies that do not support IPv6 or some of the other IPv6 transition technologies, such as Teredo and 6to4.</maml:para></maml:listItem>
<maml:listItem><maml:para><maml:phrase>Edge Traversal</maml:phrase>. Available for UDP on inbound rules only. Selecting this option allows the local computer to receive incoming Teredo network packets. </maml:para></maml:listItem>
</maml:list>

</maml:introduction></maml:section><maml:section><maml:title>Remote port</maml:title><maml:introduction>
<maml:para>If you are using the TCP or UDP protocol type, you can specify the local port and remote port by using one of the choices from the drop-down list, or by specifying a port or a list of ports. The remote port is the port on the computer that is attempting to communicate with the computer on which the firewall profile is applied.</maml:para>
<maml:para>The following options are available for inbound rules:</maml:para>
<maml:list class="unordered">
<maml:listItem><maml:para><maml:phrase>All Ports</maml:phrase>. Available for both TCP and UDP on inbound and outbound rules. Selecting this option specifies that all of the ports for the selected protocol match the rule. </maml:para></maml:listItem>
<maml:listItem><maml:para><maml:phrase>Specific Ports</maml:phrase>. Available for both TCP and UDP on inbound and outbound rules. Selecting this option enables the text box where you can type the port numbers that you need. Separate port numbers with commas, and include ranges by separating the low and high values with a hyphen.</maml:para></maml:listItem>
<maml:listItem><maml:para><maml:phrase>IPHTTPS</maml:phrase>. Available for TCP only. Available under <maml:ui>Remote port</maml:ui> for outbound rules only. Selecting this option allows the local computer to send outbound IPHTTPS packets to a remote computer. IPHTTPS is a tunneling protocol that supports embedding IPv6 packets in IPv4 HTTPS network packets. This allows IPv6 traffic to traverse some IP proxies that do not support IPv6 or some of the other IPv6 transition technologies, such as Teredo and 6to4.</maml:para></maml:listItem>
</maml:list>

</maml:introduction></maml:section><maml:section><maml:title>Internet Control Message Protocol (ICMP) Settings</maml:title><maml:introduction>
<maml:para>If you want to create a rule that allows or blocks ICMP packets, in the <maml:ui>Protocol type</maml:ui> list, select <maml:ui>ICMPv4</maml:ui> or <maml:ui>ICMPv6</maml:ui>, and then click <maml:ui>Customize</maml:ui>. Use the <maml:ui>Customize ICMP Settings</maml:ui> dialog box to configure the settings.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>How to change these settings</maml:title><maml:introduction>
<maml:para>After you create the firewall rule, you can change these settings in the <maml:ui>Firewall Rule Properties</maml:ui> dialog box. This dialog box appears when you double-click a rule in <maml:ui>Inbound Rules</maml:ui> or <maml:ui>Outbound Rules</maml:ui>. To change these settings, use the <maml:ui>Protocols and Ports</maml:ui> tab.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Firewall Rule Wizard</maml:linkText><maml:uri href="mshelp://windows/?id=5886c961-2f7a-46f9-928b-2b906f2c354a"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Monitored Main Mode Security Associations</maml:title><maml:introduction>
<maml:para>Main mode negotiation establishes a secure channel between two computers by determining a set of cryptographic protection suites, exchanging keying material to establish a shared secret key, and authenticating computer and user identities. A security association (SA) is the information maintained about that secure channel on the local computer so that it can use the information for future network traffic to the remote computer. You can monitor main mode SAs for information like which peers are currently connected to this computer and which protection suite was used to form the SA.</maml:para>
<maml:procedure><maml:title>To get to this view</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, expand <maml:ui>Monitoring</maml:ui>, expand <maml:ui>Security Associations</maml:ui>, and then click <maml:ui>Main Mode</maml:ui>. </maml:para></maml:section></maml:sections></maml:step></maml:procedure>
<maml:para>The following information is available in the table view of all main mode SAs. To see the information for a single main mode SA, double-click the SA in the list. </maml:para>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Main mode SA information</maml:title><maml:introduction>
<maml:para>You can add, remove, reorder, and sort by these columns in the Results pane:</maml:para>
<maml:list class="unordered">
<maml:listItem><maml:para><maml:ui>Local Address</maml:ui>: The local computer IP address.</maml:para></maml:listItem>
<maml:listItem><maml:para><maml:ui>Remote Address</maml:ui>: The remote computer or peer IP address.</maml:para></maml:listItem>
<maml:listItem><maml:para><maml:ui>1st Authentication Method</maml:ui>: The authentication method used to create the SA.</maml:para></maml:listItem>
<maml:listItem><maml:para><maml:ui>1st Authentication Local ID</maml:ui>: The authenticated identity of the local computer used in first authentication.</maml:para></maml:listItem>
<maml:listItem><maml:para><maml:ui>1st Authentication Remote ID</maml:ui>: The authenticated identity of the remote computer used in first authentication.</maml:para></maml:listItem>
<maml:listItem><maml:para><maml:ui>2nd Authentication Method</maml:ui>: The second authentication method used in the SA.</maml:para></maml:listItem>
<maml:listItem><maml:para><maml:ui>2nd Authentication Local ID</maml:ui>: The authenticated identity of the local computer used in second authentication.</maml:para></maml:listItem>
<maml:listItem><maml:para><maml:ui>2nd Authentication Remote ID</maml:ui>: The authenticated identity of the remote computer used in second authentication.</maml:para></maml:listItem>
<maml:listItem><maml:para><maml:ui>Encryption</maml:ui>: The encryption method used by the SA to secure quick mode key exchanges.</maml:para></maml:listItem>
<maml:listItem><maml:para><maml:ui>Integrity</maml:ui>: The data integrity method used by the SA to secure quick mode key exchanges.</maml:para></maml:listItem>
<maml:listItem><maml:para><maml:ui>Key Exchange</maml:ui>: The Diffie-Hellman group used to create the main mode SA.</maml:para></maml:listItem>
</maml:list>

<maml:para>Any user account can be used to complete this procedure.</maml:para>
<maml:procedure><maml:title>To add, remove, or reorder a column</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Right-click in a blank area in the Results pane for the Main Mode folder, select <maml:ui>View</maml:ui>, and then click <maml:ui>Add/Remove Columns</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the <maml:ui>Add/Remove Columns</maml:ui> dialog box, from the <maml:ui>Available columns</maml:ui> list, select the column you want to view, and then click <maml:ui>Add</maml:ui>. You can select only one column name at a time.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>You can also select columns that you do not want to view. From the <maml:ui>Displayed columns</maml:ui> list, click <maml:ui>Remove</maml:ui>. You can select only one column name at a time.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>To reorder the columns, from left to right, select a column in the <maml:ui>Displayed columns</maml:ui> list, and then click <maml:ui>Move Up</maml:ui> or <maml:ui>Move Down</maml:ui>. You can select only one column name at a time.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>When you are finished, click <maml:ui>OK</maml:ui>. The view will change to reflect your preferences.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction></maml:section><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Monitored Quick Mode Security Associations</maml:linkText><maml:uri href="mshelp://windows/?id=8c965889-6e37-4ad0-b41d-4f98bed709ad"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Monitoring Windows Firewall with Advanced Security</maml:title><maml:introduction><maml:para>The <maml:ui>Monitoring</maml:ui> item in the Windows Firewall with Advanced Security MMC snap-in allows you to monitor the active firewall rules and connection security rules on the computer. Policies created using the IP Security Policy snap-in cannot be viewed using Windows Firewall with Advanced Security.</maml:para>
<maml:para>The overview page shows which profiles are active (domain, private, public) and the current settings for each of the active profiles.</maml:para>
<maml:alertSet class="note"><maml:title>Note </maml:title><maml:para>Only rules that apply to the currently active profiles are displayed. A rule for another profile might be enabled, but if the profile to which it is assigned is not active, then neither is the rule.</maml:para></maml:alertSet>

<maml:para>For more information, see <maml:navigationLink><maml:linkText>Monitoring Windows Firewall with Advanced Security</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?linkid=137811"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?linkid=137811) in the TechNet Library.</maml:para>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Default Settings for Windows Firewall with Advanced Security</maml:title><maml:introduction>
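<maml:para>The following tables list the default values for Internet Protocol security (IPsec) settings. Several of these defaults (Diffie-Hellman Group 2, SHA1, and 3-DES) are older algorithms, so compare them with your organization's current cryptographic requirements rather than assuming the defaults are sufficient.</maml:para>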
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Key exchange</maml:title><maml:introduction>
<maml:table>
<maml:tableHeader><maml:row><maml:entry><maml:para>Settings</maml:para></maml:entry><maml:entry><maml:para>Value</maml:para></maml:entry></maml:row></maml:tableHeader>
<maml:row><maml:entry><maml:para>Key lifetimes</maml:para></maml:entry><maml:entry><maml:para>480 minutes/0 sessions*</maml:para></maml:entry></maml:row>
<maml:row><maml:entry><maml:para>Key exchange algorithm</maml:para></maml:entry><maml:entry><maml:para>Diffie-Hellman Group 2</maml:para></maml:entry></maml:row>
<maml:row><maml:entry><maml:para>Security methods (integrity)</maml:para></maml:entry><maml:entry><maml:para>SHA1</maml:para></maml:entry></maml:row>
<maml:row><maml:entry><maml:para>Security methods (encryption)</maml:para></maml:entry><maml:entry><maml:para>AES-128 (primary)/3-DES (secondary)</maml:para></maml:entry></maml:row>
</maml:table>
<maml:para>*A session limit of zero (0) causes rekeys to be determined only by the <maml:ui>Key lifetime (minutes)</maml:ui> setting.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Data integrity</maml:title><maml:introduction>
<maml:table>
<maml:tableHeader><maml:row><maml:entry><maml:para>Setting</maml:para></maml:entry><maml:entry><maml:para>Value</maml:para></maml:entry></maml:row></maml:tableHeader>
<maml:row><maml:entry><maml:para>Protocol</maml:para></maml:entry><maml:entry><maml:para>ESP (primary)/AH (secondary)</maml:para></maml:entry></maml:row>
<maml:row><maml:entry><maml:para>Data integrity</maml:para></maml:entry><maml:entry><maml:para>SHA1</maml:para></maml:entry></maml:row>
<maml:row><maml:entry><maml:para>Key lifetimes</maml:para></maml:entry><maml:entry><maml:para>60 minutes/100,000 kilobytes (KB) </maml:para></maml:entry></maml:row>
</maml:table>
</maml:introduction></maml:section><maml:section><maml:title>Data encryption</maml:title><maml:introduction>
<maml:table>
<maml:tableHeader><maml:row><maml:entry><maml:para>Setting</maml:para></maml:entry><maml:entry><maml:para>Value</maml:para></maml:entry></maml:row></maml:tableHeader>
<maml:row><maml:entry><maml:para>Protocol</maml:para></maml:entry><maml:entry><maml:para>ESP</maml:para></maml:entry></maml:row>
<maml:row><maml:entry><maml:para>Data integrity</maml:para></maml:entry><maml:entry><maml:para>SHA1</maml:para></maml:entry></maml:row>
<maml:row><maml:entry><maml:para>Data encryption</maml:para></maml:entry><maml:entry><maml:para>AES-128 (primary)/3-DES (secondary)</maml:para></maml:entry></maml:row>
<maml:row><maml:entry><maml:para>Key lifetimes</maml:para></maml:entry><maml:entry><maml:para>60 minutes/100,000 KB</maml:para></maml:entry></maml:row>
</maml:table>
</maml:introduction></maml:section><maml:section><maml:title>Authentication method</maml:title><maml:introduction>
<maml:para>Computer Kerberos version 5 authentication is the default authentication method.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>How default settings work with Group Policy</maml:title><maml:introduction>
<maml:para>Policies created using the Windows Firewall with Advanced Security snap-in and distributed with Group Policy are applied in this order:</maml:para>
<maml:list class="ordered">
<maml:listItem><maml:para>Highest precedence Group Policy object (GPO).</maml:para></maml:listItem>
<maml:listItem><maml:para>Locally defined policy settings.</maml:para></maml:listItem>
<maml:listItem><maml:para>Service defaults, as shown in the tables in this topic.</maml:para></maml:listItem>
</maml:list>
</maml:introduction></maml:section><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Windows Firewall with Advanced Security</maml:linkText><maml:uri href="mshelp://windows/?id=60324d03-97f8-4aa5-864b-af205ebff02b"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Firewall Rule Properties Page: General Tab</maml:title><maml:introduction>
<maml:para>Use this tab to name, enable, and specify the action of a firewall rule.</maml:para>

<maml:procedure><maml:title>To get to this tab</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, in either <maml:ui>Inbound Rules</maml:ui> or <maml:ui>Outbound Rules</maml:ui>, double-click the firewall rule you want to modify, and then click the <maml:ui>General</maml:ui> tab.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>General section</maml:title><maml:introduction>
<maml:para>This section contains identifying information about the rule and gives you the ability to enable or disable the rule.</maml:para></maml:introduction>

<maml:sections>
<maml:section><maml:title>Name</maml:title><maml:introduction>
<maml:para>This is the name of the firewall rule. As a best practice, give the firewall rule a unique name. If two rules have the same name, then you cannot easily manage them by using the <maml:phrase>netsh</maml:phrase> commands. Do not use the name “all” for a firewall rule, because “all” is a keyword of the Netsh command-line tool.</maml:para>
</maml:introduction></maml:section>

<maml:section><maml:title>Description (optional)</maml:title><maml:introduction>
<maml:para>This is a description of the rule. Use this to provide information about the rule, such as the rule owner, the rule requester, the purpose of the rule, a version number, or the date of creation.</maml:para>
</maml:introduction></maml:section>

<maml:section><maml:title>Enabled</maml:title><maml:introduction>
<maml:para>Select this check box to enable the rule. Enabling a rule causes Windows Firewall with Advanced Security to compare all network packets to the criteria in this rule and to perform the action specified in <maml:ui>Action</maml:ui> when a match is found. Disabling the rule does not delete it, but instead causes Windows Firewall with Advanced Security to stop comparing network packets to the rule.</maml:para>
</maml:introduction></maml:section>
</maml:sections></maml:section><maml:section><maml:title>Action section</maml:title><maml:introduction>
<maml:para>Select the action that Windows Firewall with Advanced Security will take for network packets that match the firewall rule criteria. When you have multiple firewall rules defined, the order in which they are evaluated for a match depends on the action specified in the rule. Firewall rules are evaluated in the following order:</maml:para>
<maml:list class="ordered">
<maml:listItem><maml:para><maml:phrase>Allow if secure</maml:phrase> with <maml:ui>Override block rules</maml:ui> selected in the <maml:ui>Customize Allow if Secure Settings</maml:ui> dialog box.</maml:para></maml:listItem>
<maml:listItem><maml:para><maml:phrase>Block the connection</maml:phrase>.</maml:para></maml:listItem>
<maml:listItem><maml:para><maml:phrase>Allow the connection</maml:phrase>.</maml:para></maml:listItem>
<maml:listItem><maml:para><maml:phrase>Default profile behavior</maml:phrase> (allow or block as specified on the applicable <maml:ui>Profile</maml:ui> tab of the <maml:ui>Windows Firewall with Advanced Security Properties</maml:ui> dialog box).</maml:para>
</maml:listItem></maml:list>
<maml:para>Within each category, rules are evaluated from the most specific to the least specific. A rule that specifies four criteria is selected over a rule that specifies only three criteria. As soon as a network packet matches a rule, its action is triggered, and it is not compared to any additional rules. In other words, even if a network packet matches more than one rule, only the matching rule that is evaluated against the packet first is applied to the packet.</maml:para>
</maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Allow the connection</maml:title><maml:introduction>
<maml:para>Use this option to allow a network packet that matches all criteria in the firewall rule.</maml:para>
</maml:introduction></maml:section>

<maml:section><maml:title>Allow the connection if it is secure</maml:title><maml:introduction>
<maml:para>Use this option to specify that only network packets that are protected by Internet Protocol security (IPsec) are allowed. IPsec settings must be defined in separate connection security rules. By default, this setting requires both authentication and integrity to be included, but it does not require encryption. To configure the requirements, click <maml:ui>Customize</maml:ui>, and then select an option on the <maml:ui>Customize Allow If Secure Settings</maml:ui> dialog box.</maml:para>
</maml:introduction></maml:section>

<maml:section><maml:title>Block the connection</maml:title><maml:introduction>
<maml:para>Use this option to explicitly block any network packet that matches the firewall rule criteria. The block action takes precedence over the allow action, unless the <maml:ui>Override block rules</maml:ui> option is selected when the firewall rule is created.</maml:para>
</maml:introduction></maml:section>
</maml:sections>
</maml:section><maml:section><maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Firewall Rule Properties Page</maml:linkText><maml:uri href="mshelp://windows/?id=142a13a0-f0c4-4122-95d9-ecfb6f6391c4"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
</maml:list>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Monitor Firewall Rules - General</maml:title><maml:introduction>
<maml:para>This tab shows basic information about an inbound or outbound firewall rule that is being applied to the computer.</maml:para>
<maml:procedure><maml:title>To get to this tab</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, expand <maml:ui>Monitoring</maml:ui>, and then expand <maml:ui>Firewall</maml:ui>. </maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Double-click the firewall rule you want to examine, and then click the <maml:ui>General</maml:ui> tab.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Local IP address</maml:title><maml:introduction>
<maml:para>This lists the local IP address, range of addresses, or subnet to which the rule applies, as configured on the <maml:ui>Scope</maml:ui> tab of the <maml:ui>Firewall Rule Properties</maml:ui> page.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Remote IP address</maml:title><maml:introduction>
<maml:para>This lists the remote IP address, range of addresses, or subnet to which the rule applies, as configured on the <maml:ui>Scope</maml:ui> tab of the <maml:ui>Firewall Rule Properties</maml:ui> page.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Direction</maml:title><maml:introduction>
<maml:para>This indicates whether the rule is an <maml:ui>Inbound</maml:ui> or <maml:ui>Outbound</maml:ui> rule.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Profile</maml:title><maml:introduction>
<maml:para>This lists the network location profiles, <maml:ui>Domain</maml:ui>, <maml:ui>Private</maml:ui>, <maml:ui>Public</maml:ui> or <maml:ui>All</maml:ui>, to which the rule applies, as configured on the <maml:ui>Advanced</maml:ui> tab of the <maml:ui>Firewall Rule Properties</maml:ui> page.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Monitored Firewall Rules Properties Page</maml:linkText><maml:uri href="mshelp://windows/?id=20b3aba6-884a-4ef9-8ea7-914e4cd735d9"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Monitor Connection Security Rules - Authentication</maml:title><maml:introduction>
<maml:para>This tab shows basic information about authentication methods used by a connection security rule that is applied to the computer.</maml:para>

<maml:procedure><maml:title>To get to this tab</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, expand <maml:ui>Monitoring</maml:ui>, and then expand <maml:ui>Connection Security Rules</maml:ui>. </maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Double-click the rule you want to examine, and then select the <maml:ui>Authentication</maml:ui> tab.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Requirements</maml:title><maml:introduction>
<maml:para>This refers to the authentication requirement on connections matching the rule criteria.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>First authentication</maml:title><maml:introduction>
<maml:para>The first and second authentication methods are used during the main mode phase of Internet Protocol security (IPsec) negotiations. For first authentication, you can view the way the two peer computers authenticate, such as through Kerberos version 5, NTLMv2, computer certificates, or another method.</maml:para>
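<maml:para>The <maml:ui>Details</maml:ui> column displays information for certificates and preshared keys only. For certificates, it displays the issuer details, whether the certificate was issued by a root or intermediate certification authority (CA), and the certificate signing algorithm. For a preshared key, it displays the key in plain text. Because the key is readable by anyone who can open this tab, treat this view and any screenshot of it as sensitive, and prefer Kerberos or certificate authentication where possible.</maml:para>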
<maml:para>The authentication information displayed can be configured on the <maml:ui>Authentication</maml:ui> tab of the <maml:ui>Connection Security Rules Properties</maml:ui> dialog box.</maml:para></maml:introduction></maml:section><maml:section><maml:title>Second authentication</maml:title><maml:introduction>
<maml:para>For second authentication, you can view the user authentication method, such as Kerberos version 5, NTLMv2, user certificates, or a computer health certificate.</maml:para>
<maml:para>The <maml:ui>Details</maml:ui> column displays information for certificates only. It displays the issuer details, whether the certificate was issued by a root or intermediate CA, and the certificate signing algorithm.</maml:para>
<maml:para>The authentication information that is displayed can be configured on the <maml:ui>Authentication</maml:ui> tab of the <maml:ui>Connection Security Rules Properties</maml:ui> dialog box.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Monitored Connection Security Rules Properties Page</maml:linkText><maml:uri href="mshelp://windows/?id=9d81b178-5fef-4b23-9dc7-e85f20bbf5d9"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Firewall Rule Properties Page: Users Tab</maml:title><maml:introduction>
<maml:para>Use these settings to specify which users or user groups can connect to the local computer.</maml:para>

<maml:alertSet class="important"><maml:title>Important </maml:title><maml:para>These options are only available when the firewall rule action is set to <maml:ui>Allow the connection if it is secure</maml:ui>. To be considered secure, the network traffic must be protected by a connection security rule that requires authentication by using a method that includes user identification information, such as Kerberos version 5, NTLMv2, or a certificate with certificate-to-account mapping enabled.</maml:para></maml:alertSet>

<maml:alertSet class="note"><maml:title>Note </maml:title><maml:para>This tab is displayed for inbound rules only; it is not available for outbound rules.</maml:para></maml:alertSet>

<maml:procedure><maml:title>To get to this tab</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, in <maml:ui>Inbound Rules</maml:ui> or <maml:ui>Outbound Rules</maml:ui>, double-click the firewall rule you want to modify, and then click the <maml:ui>Users</maml:ui> tab.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Authorized users</maml:title><maml:introduction>
<maml:para>Use this section to identify the user or group accounts that are allowed to make the connection specified by the rule.</maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title>Only allow connections from these users</maml:title><maml:introduction>
<maml:para>Select <maml:ui>Only allow connections from these users</maml:ui> to specify which users can connect to this computer. Network traffic that is not authenticated as coming from a user on this list is blocked by Windows Firewall.</maml:para>
<maml:para>If you select the check box, then <maml:ui>Add</maml:ui> is enabled. Click <maml:ui>Add</maml:ui>, and then specify the user or group accounts in the <maml:ui>Select Users, Computers, or Groups</maml:ui> dialog box.</maml:para>
<maml:para>To remove a user or group from the list, select the user or group, and then click <maml:ui>Remove</maml:ui>.</maml:para>
</maml:introduction></maml:section>

</maml:sections>
</maml:section><maml:section><maml:title>Exceptions</maml:title><maml:introduction>
<maml:para>Use this section to identify user or group accounts that might be listed in <maml:ui>Authorized users</maml:ui>, possibly because the user or group account is a member of a group, but whose network traffic must be blocked by Windows Firewall. For example, User A is a member of Group B. Group B is included in <maml:ui>Authorized users</maml:ui>, so network traffic authenticated as coming from a user that is a member of Group B is allowed. However, by placing User A in the <maml:ui>Exceptions</maml:ui> list, network traffic authenticated as being from User A is not processed by this rule, and so is blocked by the default firewall behavior unless some other rule allows the traffic.</maml:para></maml:introduction>

<maml:sections>
<maml:section><maml:title>Skip this rule for connections from these users</maml:title><maml:introduction>
<maml:para>Select <maml:ui>Skip this rule for connections from these users</maml:ui> to specify users or groups whose network traffic is an exception to this rule. Network traffic that is authenticated as coming from a user in this list is not processed by the rule, even if the user is also in the <maml:ui>Authorized users</maml:ui> list.</maml:para>
<maml:para>If you select the check box, then <maml:ui>Add</maml:ui> is enabled. Click <maml:ui>Add</maml:ui>, and then specify the user or group accounts in the <maml:ui>Select Users, Computers, or Groups</maml:ui> dialog box.</maml:para>
<maml:para>To remove a user or group from the list, select the user or group, and then click <maml:ui>Remove</maml:ui>.</maml:para>
</maml:introduction></maml:section>

</maml:sections>

</maml:section><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Firewall Rule Properties Page</maml:linkText><maml:uri href="mshelp://windows/?id=142a13a0-f0c4-4122-95d9-ecfb6f6391c4"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Dialog Box: Customize Settings for a Firewall Profile</maml:title><maml:introduction>
<maml:para>Use these options to define who can make changes to Windows Firewall properties and profiles.</maml:para>

<maml:procedure><maml:title>To get to this dialog box</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>From the Windows Firewall with Advanced Security MMC snap-in, in <maml:ui>Overview</maml:ui>, click <maml:ui>Windows Firewall properties</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Select the tab that corresponds to the firewall profile you want to configure.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In <maml:ui>Settings</maml:ui>, click <maml:ui>Customize</maml:ui>.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>

</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Display a notification when a program is blocked</maml:title><maml:introduction>
<maml:para>Select this option to have Windows Firewall with Advanced Security display a notification to the user when a program is blocked from receiving inbound connections. The notification appears when all of the following conditions are true: </maml:para>
<maml:list class="unordered">
<maml:listItem><maml:para>This option is selected.</maml:para></maml:listItem>
<maml:listItem><maml:para>There is no existing block or allow rule for this program. If a block rule exists, then the program is blocked without displaying the notification to the user.</maml:para></maml:listItem>
<maml:listItem><maml:para>The program is blocked by the default behavior of Windows Firewall.</maml:para></maml:listItem>
</maml:list>
<maml:para>The user is given the option to unblock the program, as long as the user has network operator or administrator permissions. Selecting the option to unblock the program automatically creates an inbound program rule for the program that was blocked.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Allow unicast response to multicast or broadcast requests</maml:title><maml:introduction>
<maml:para>This option is useful if you need to control whether this computer receives unicast responses to its outgoing multicast or broadcast messages. If you enable this setting, and this computer sends multicast or broadcast messages to other computers, Windows Firewall with Advanced Security waits as long as 4 seconds for unicast responses from the other computers and then blocks all later responses. If you disable this setting, and this computer sends a multicast or broadcast message to other computers, Windows Firewall with Advanced Security blocks the unicast responses sent by those other computers.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Rule merging</maml:title><maml:introduction>
<maml:para>Use these options when using Group Policy to configure firewall and connection security rules on the local computer. Disabling the options prevents a local user with network operator or administrator permissions from creating firewall or connection security rules that might conflict with the rules deployed by Group Policy.</maml:para>
</maml:introduction>

<maml:sections><maml:section><maml:title>Allow local firewall rules</maml:title><maml:introduction>
<maml:para>Select this option when, in addition to firewall rules applied by Group Policy that are specific to this computer, you want to allow administrators to be able to create and apply local firewall rules on this computer. When you clear this option, administrators can still create rules, but locally defined rules are not applied. This setting is available only when you are configuring the policy through Group Policy.</maml:para>
</maml:introduction></maml:section>

<maml:section><maml:title>Allow local connection security rules</maml:title><maml:introduction>
<maml:para>Select this option when, in addition to connection security rules applied by Group Policy that are specific to this computer, you want to allow administrators to create and apply local connection security rules on this computer. When you clear this option, administrators can still create rules, but locally defined rules are not applied. This setting is available only when configuring the policy through Group Policy.</maml:para>
</maml:introduction></maml:section>
</maml:sections></maml:section></maml:sections></maml:content><maml:relatedLinks type="seeAlso"><maml:title>See Also</maml:title><maml:navigationLink><maml:linkText>User Interface: Windows Firewall with Advanced Security</maml:linkText><maml:uri href="mshelp://windows/?id=c243c092-48c6-4073-9b19-b9c98c931582"></maml:uri></maml:navigationLink></maml:relatedLinks></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Firewall Rule Wizard</maml:title><maml:introduction>
<maml:para>This section describes the pages on the Inbound and Outbound Firewall Rule Wizard in Windows Firewall with Advanced Security.</maml:para>
<maml:list class="unordered">
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Rule Type</maml:linkText><maml:uri href="mshelp://windows/?id=dc5c6bc1-9537-456d-b168-faf78a66554f"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Program</maml:linkText><maml:uri href="mshelp://windows/?id=ba442eea-0e40-4936-bb3a-413993267098"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Protocol and Ports – Port Rule</maml:linkText><maml:uri href="mshelp://windows/?id=b029858f-ef85-4cdd-a29c-06a9457f4365"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Protocol and Ports – Custom Rule</maml:linkText><maml:uri href="mshelp://windows/?id=2adf4b4a-fbdb-4bfa-8e09-8648c986f4f0"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Predefined Rules</maml:linkText><maml:uri href="mshelp://windows/?id=8b29e655-9fb1-4ba5-a701-30812af59d2e"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Scope</maml:linkText><maml:uri href="mshelp://windows/?id=cc83aec7-e835-4b20-acbd-e40eac6764f2"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Action</maml:linkText><maml:uri href="mshelp://windows/?id=1826c5b4-7aa9-419a-a211-07542a5dcf1a"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Users</maml:linkText><maml:uri href="mshelp://windows/?id=c85aba54-dcb3-45be-b1bd-271d579da6fc"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Computers</maml:linkText><maml:uri href="mshelp://windows/?id=5aaa1ce1-0a0e-4686-a4cf-d63cb0a351da"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Profile</maml:linkText><maml:uri href="mshelp://windows/?id=98690952-0b7a-4b1f-bbee-3db1fa381f4f"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Dialog Box: Customize Logging Settings for a Firewall Profile</maml:title><maml:introduction>
<maml:para>Windows Firewall with Advanced Security can be configured to log events that indicate the successes and failures of its processes. The logging settings involve two groups of settings: settings for the log file itself and settings that determine which events the file will record. The settings can be configured separately for each of the firewall profiles.</maml:para>
<maml:para>You can specify where the log file will be created, how big the file can grow, and whether you want the log file to record information about dropped packets, successful connections, or both.</maml:para>

<maml:procedure><maml:title>To get to this dialog box</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>From the Windows Firewall with Advanced Security MMC snap-in, in <maml:ui>Overview</maml:ui>, click <maml:ui>Windows Firewall properties</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Select the tab that corresponds to the firewall profile for which you want to configure logging.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In <maml:ui>Logging</maml:ui>, click <maml:ui>Customize</maml:ui>.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>

</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Name</maml:title><maml:introduction>
<maml:para>Enter the path and name of the file in which you want Windows Firewall to write its log information. If you are configuring a Group Policy object (GPO) for deployment to multiple computers, use the available environment variables, such as %windir%, to ensure that the location is correct for each computer on your network.</maml:para>
<maml:para>Just specifying a file location does not start logging. You must also select one of the two check boxes to log dropped packets or successful connections.</maml:para>
<maml:alertSet class="important"><maml:title>Important </maml:title><maml:para>If you are configuring the setting for a computer that is running Windows Vista or a later version of Windows, and you specify a location other than the default, you must ensure that the Windows Firewall service has permissions to write to that location.</maml:para></maml:alertSet>
<maml:procedure><maml:title>To grant write permissions for the log folder to the Windows Firewall service</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Locate the folder that you specified for the logging file, right-click it, and then click <maml:ui>Properties</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Click the <maml:ui>Security</maml:ui> tab, and then click <maml:ui>Edit</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Click <maml:ui>Add</maml:ui>, in <maml:ui>Enter object names to select</maml:ui>, type <maml:userInput>NT SERVICE\mpssvc</maml:userInput>, and then click <maml:ui>OK</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the <maml:ui>Permissions</maml:ui> dialog box, verify that MpsSvc has <maml:ui>Write</maml:ui> access, and then click <maml:ui>OK</maml:ui>.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction></maml:section><maml:section><maml:title>Size limit</maml:title><maml:introduction>
<maml:para>Specify the maximum size to which the file is permitted to grow. The value must be between 1 and 32,767 kilobytes (KB).</maml:para>
<maml:para>When the specified size limit is reached, Windows Firewall with Advanced Security closes the log file and renames it by adding ".old" to the end of the file name. It then creates and uses a new log file that has the original log file name. Only two files are kept at a time. If the second file reaches the maximum size, then it is renamed by adding ".old", and the original ".old" file is discarded. Because only two files are kept, the entries in the discarded file are no longer available after that point.</maml:para>
</maml:introduction></maml:section><maml:section>
<maml:title>Log dropped packets</maml:title><maml:introduction>
<maml:para>Use this option to log when Windows Firewall with Advanced Security discards an inbound packet for any reason. The log records why and when the packet was dropped. Look for entries with the word <maml:ui>DROP</maml:ui> in the <maml:ui>action</maml:ui> column of the log.</maml:para>
</maml:introduction></maml:section><maml:section>
<maml:title>Log successful connections</maml:title><maml:introduction>
<maml:para>Use this option to log when Windows Firewall with Advanced Security allows an inbound connection. The log records why and when the connection was formed. Look for entries with the word <maml:ui>ALLOW</maml:ui> in the <maml:ui>action</maml:ui> column of the log.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Event log</maml:title><maml:introduction>
<maml:para>The Windows Firewall with Advanced Security operational event log is another resource you can use to view Windows Firewall policy changes. The operational log is always on and contains events for both firewall rules and connection security rules. </maml:para>
<maml:procedure><maml:title>To view the Windows Firewall with Advanced Security event log</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Open Event Viewer. Click <maml:ui>Start</maml:ui>, click <maml:ui>Administrative Tools</maml:ui>, and then click <maml:ui>Event Viewer</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the navigation pane, expand <maml:ui>Applications and Services Logs</maml:ui>, expand <maml:ui>Microsoft</maml:ui>, expand <maml:ui>Windows</maml:ui>, and then expand <maml:ui>Windows Firewall with Advanced Security</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Click either <maml:ui>ConnectionSecurity</maml:ui>, <maml:ui>ConnectionSecurityVerbose</maml:ui>, <maml:ui>Firewall</maml:ui>, or <maml:ui>FirewallVerbose</maml:ui>. The logs marked “verbose” are not enabled by default. To enable them, in <maml:ui>Actions</maml:ui>, click <maml:ui>Enable Log</maml:ui>.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction></maml:section></maml:sections></maml:content><maml:relatedLinks type="seeAlso"><maml:title>See Also</maml:title><maml:navigationLink><maml:linkText>User Interface: Windows Firewall with Advanced Security</maml:linkText><maml:uri href="mshelp://windows/?id=c243c092-48c6-4073-9b19-b9c98c931582"></maml:uri></maml:navigationLink></maml:relatedLinks></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Dialog Box: Customize Interface Types</maml:title><maml:introduction>
<maml:para>Use this dialog box to specify to which interface types the rule is applied. You can specify the local area network (that is, wired network adapters), wireless network adapters, remote access connections, or all network connection types.</maml:para>

<maml:procedure><maml:title>To get to this dialog box</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, double-click the firewall rule you want to modify, and then click the <maml:ui>Advanced</maml:ui> tab.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Under <maml:ui>Interface types</maml:ui>, click <maml:ui>Customize</maml:ui>.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>All interface types</maml:title><maml:introduction>
<maml:para>The rule applies to communications sent through any of the network connections that you have configured on the computer.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>These interface types</maml:title><maml:introduction>
<maml:para>The rule applies only to communications sent through the network connection types selected in the box. You can select one or a combination of the types.</maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title>Local area network</maml:title><maml:introduction>
<maml:para>The rule applies only to communications sent through wired local area network (LAN) connections that you have configured on the computer.</maml:para>
</maml:introduction></maml:section>

<maml:section><maml:title>Remote access</maml:title><maml:introduction>
<maml:para>The rule applies only to communications sent through remote access, such as a virtual private network (VPN) connection or dial-up connection that you have configured on the computer.</maml:para>
</maml:introduction></maml:section>

<maml:section><maml:title>Wireless</maml:title><maml:introduction>
<maml:para>The rule applies only to communications sent through wireless network adapters that you have configured on the computer.</maml:para>
</maml:introduction></maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content><maml:relatedLinks type="seeAlso"><maml:title>See Also</maml:title><maml:navigationLink><maml:linkText>User Interface: Windows Firewall with Advanced Security</maml:linkText><maml:uri href="mshelp://windows/?id=c243c092-48c6-4073-9b19-b9c98c931582"></maml:uri></maml:navigationLink></maml:relatedLinks></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Firewall Rule Wizard: Computers Page</maml:title><maml:introduction>
<maml:para>For inbound rules, use these settings to specify which computers or computer groups can connect to the local computer. For outbound rules, use these settings to specify the computers or computer groups to which this computer can connect.</maml:para>
<maml:alertSet class="important"><maml:title>Important </maml:title><maml:para>To use these options, the firewall rule action must be set to <maml:ui>Allow the connection if it is secure</maml:ui>. To be considered secure, the network traffic must be protected by a connection security rule that requires authentication by using a method that includes computer identification information, such as Kerberos version 5, NTLMv2, or a certificate with certificate-to-account mapping enabled.</maml:para>
</maml:alertSet>

<maml:procedure><maml:title>To get to this wizard page</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>From the Windows Firewall with Advanced Security MMC snap-in, right-click <maml:ui>Inbound Rules</maml:ui> or <maml:ui>Outbound Rules</maml:ui>, and then click <maml:ui>New rule</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Click <maml:ui>Next</maml:ui> through the wizard until you reach the <maml:ui>Action</maml:ui> page.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>On the <maml:ui>Action</maml:ui> page, select <maml:ui>Allow the connection if it is secure</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Click <maml:ui>Next</maml:ui> through the wizard until you reach the <maml:ui>Computers</maml:ui> page.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Authorized computers</maml:title><maml:introduction>
<maml:para>Use this section to identify the computer or group accounts that are allowed to make the connection specified by the rule.</maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title>Only allow connections from/to these computers</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem><maml:para>For inbound rules, select <maml:ui>Only allow connections from these computers</maml:ui> to specify which computers can connect to this computer. Network traffic that is not authenticated as coming from a computer on this list is blocked by Windows Firewall.</maml:para></maml:listItem>
<maml:listItem><maml:para>For outbound rules, select <maml:ui>Only allow connections to these computers</maml:ui> to specify the computers to which this computer is allowed to connect. Outbound network traffic sent to computers that cannot be authenticated as a computer on the list is blocked by Windows Firewall.</maml:para></maml:listItem>
</maml:list>
<maml:para>If you select the check box, then <maml:ui>Add</maml:ui> is enabled. Click <maml:ui>Add</maml:ui>, and then specify the computer or group accounts in the <maml:ui>Select Users, Computers and Groups</maml:ui> dialog box. To remove a computer or group from the list, select the computer or group, and then click <maml:ui>Remove</maml:ui>.</maml:para>
</maml:introduction></maml:section>

</maml:sections>
</maml:section><maml:section><maml:title>Exceptions</maml:title><maml:introduction>
<maml:para>Use this section to identify computer or group accounts that might be listed in <maml:ui>Authorized computers</maml:ui>, possibly because the computer or group account is a member of a group, but whose network traffic must be blocked by Windows Firewall. For example, Computer A is a member of Group B. Group B is included in <maml:ui>Authorized computers</maml:ui>, so network traffic authenticated as coming from a computer in the group is allowed. By placing Computer A in the <maml:ui>Exceptions</maml:ui> list, network traffic authenticated as coming from Computer A is not processed by this rule, and so is blocked by the default firewall behavior unless some other rule allows the traffic.</maml:para>
</maml:introduction>

<maml:sections>
<maml:section><maml:title>Skip this rule for connections from/to these computers</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem><maml:para>For inbound rules, select <maml:ui>Skip this rule for connections from these computers</maml:ui> to specify which remote computers are exceptions to this rule.</maml:para></maml:listItem>
<maml:listItem><maml:para>For outbound rules, select <maml:ui>Skip this rule for connections to these computers</maml:ui> to specify the remote computers that are exceptions to this rule.</maml:para></maml:listItem>
</maml:list>
<maml:para>If you select the check box, then <maml:ui>Add</maml:ui> is enabled. Click <maml:ui>Add</maml:ui>, and then specify the computer or group accounts in the <maml:ui>Select Users, Computers and Groups</maml:ui> dialog box. To remove a computer or group from the list, select the computer or group, and then click <maml:ui>Remove</maml:ui>.</maml:para>
</maml:introduction></maml:section>
</maml:sections>
</maml:section><maml:section><maml:title>How to change these settings</maml:title><maml:introduction>
<maml:para>After you create the firewall rule, you can change these settings in the <maml:ui>Firewall Rule Properties</maml:ui> dialog box. This dialog box appears when you double-click a rule in either <maml:ui>Inbound Rules</maml:ui> or <maml:ui>Outbound Rules</maml:ui>. To change these settings, select the <maml:ui>Computers</maml:ui> tab.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Firewall Rule Wizard</maml:linkText><maml:uri href="mshelp://windows/?id=5886c961-2f7a-46f9-928b-2b906f2c354a"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Monitor Connection Security Rules - General</maml:title><maml:introduction>
<maml:para>This tab shows basic information about a connection security rule that is being applied to the computer.</maml:para>

<maml:procedure><maml:title>To get to this tab</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, expand <maml:ui>Monitoring</maml:ui>, and then expand <maml:ui>Connection Security Rules</maml:ui>. </maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Double-click the rule you want to examine, and then click the <maml:ui>General</maml:ui> tab.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Endpoint 1 IP Address</maml:title><maml:introduction>
<maml:para>This is the IP address or range of IP addresses of the first endpoint as configured on the <maml:ui>Computers</maml:ui> tab of the <maml:ui>Connection Security Rule Properties</maml:ui> page. If no endpoint is specified, <maml:ui>Any</maml:ui> is displayed.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Endpoint 1 port</maml:title><maml:introduction>
<maml:para>This is the TCP or UDP port number of the first endpoint computer or group of computers as configured on the <maml:ui>Protocols and Ports</maml:ui> tab of the <maml:ui>Connection Security Rule Properties</maml:ui> page. If no port is specified, <maml:ui>Any</maml:ui> is displayed.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Endpoint 2 IP Address</maml:title><maml:introduction>
<maml:para>This is the IP address or range of IP addresses of the second endpoint as configured on the <maml:ui>Computers</maml:ui> tab of the <maml:ui>Connection Security Rule Properties</maml:ui> page. If no endpoint is specified, <maml:ui>Any</maml:ui> is displayed.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Endpoint 2 port</maml:title><maml:introduction>
<maml:para>This is the TCP or UDP port number of the second endpoint computer or group of computers as configured on the <maml:ui>Protocols and Ports</maml:ui> tab of the <maml:ui>Connection Security Rule Properties</maml:ui> page. If no port is specified, <maml:ui>Any</maml:ui> is displayed.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Protocol</maml:title><maml:introduction>
<maml:para>This is the protocol as configured by using the <maml:ui>Protocol type</maml:ui> option on the <maml:ui>Protocols and Ports</maml:ui> tab of the <maml:ui>Connection Security Rule Properties</maml:ui> page. If no protocol is specified, <maml:ui>Any</maml:ui> is displayed.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Profile</maml:title><maml:introduction>
<maml:para>This lists the network location profiles (domain, private, or public) to which the rule applies, as configured on the <maml:ui>Advanced</maml:ui> tab of the <maml:ui>Connection Security Rule Properties</maml:ui> page.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Monitored Connection Security Rules Properties Page</maml:linkText><maml:uri href="mshelp://windows/?id=9d81b178-5fef-4b23-9dc7-e85f20bbf5d9"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Windows Firewall with Advanced Security</maml:title><maml:introduction><maml:para>You can use Windows Firewall with Advanced Security to help you protect the computers on your network. Windows Firewall with Advanced Security includes a stateful firewall that allows you to determine which network traffic is permitted to pass between your computer and the network. It also includes connection security rules that use Internet Protocol security (IPsec) to protect traffic as it travels across the network.</maml:para>

<maml:alertSet class="important"><maml:title>Important </maml:title><maml:para>Windows Firewall with Advanced Security is designed for administrators of a managed network to secure network traffic in an enterprise environment. Home users should use the Windows Firewall program in Control Panel instead. To start the Windows Firewall program, click <maml:ui>Start</maml:ui>, click <maml:ui>Control Panel</maml:ui>, click <maml:ui>System and Security</maml:ui>, and then click <maml:ui>Windows Firewall</maml:ui>. You can access Help for the Windows Firewall program either by pressing the F1 key on the main Windows Firewall page, or by clicking the links found on many of the Windows Firewall dialog boxes.</maml:para></maml:alertSet>

<maml:para>For more information about Windows Firewall with Advanced Security, see <maml:navigationLink><maml:linkText>Windows Firewall with Advanced Security Content Roadmap</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?linkid=64342"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?linkid=64342) in the Windows Server TechCenter.</maml:para>

<maml:list class="unordered">
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Overview of Windows Firewall with Advanced Security</maml:linkText><maml:uri href="mshelp://windows/?id=1a70e8bc-19f3-4bd5-bba9-d04c432adbc6"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Understanding Firewall Rules</maml:linkText><maml:uri href="mshelp://windows/?id=9868a02b-2d5f-4a8d-a1f7-f6f1a64cec99"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Understanding Connection Security Rules</maml:linkText><maml:uri href="mshelp://windows/?id=e3c300ca-1c4c-43a3-82d1-7e4b0860b7e2"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Understanding Firewall Profiles</maml:linkText><maml:uri href="mshelp://windows/?id=aa9088cb-98f3-4c53-8270-09484edb997a"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Monitoring Windows Firewall with Advanced Security</maml:linkText><maml:uri href="mshelp://windows/?id=40413516-c1ab-46b3-b62c-d165b434974b"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Default Settings for Windows Firewall with Advanced Security</maml:linkText><maml:uri href="mshelp://windows/?id=41646515-247f-4ce4-a9fd-600bd90ae773"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Configuring Firewall Rules</maml:linkText><maml:uri href="mshelp://windows/?id=f87bdc33-14b4-4832-b190-377f16d7e671"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Resources for Windows Firewall with Advanced Security</maml:linkText><maml:uri href="mshelp://windows/?id=ffe91987-ce8c-4caa-826a-fb26d9d3f23b"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>User Interface: Windows Firewall with Advanced Security</maml:linkText><maml:uri href="mshelp://windows/?id=c243c092-48c6-4073-9b19-b9c98c931582"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual>GIF89amp,m$   $a$$$,,,0$0<488<<<@<<<@0@PDDD@@@DHq0LL8La LU$L P U00PPP(UiDYq8<0Ye,]4]8a8am<aDL4eLe}aaa@e}Pi@i8mPmHmLmyYi@uPqiqyYuPuUuuuuUyUyey0yyyLaP}}}aaeUeu@ii ]Hqq(Pyʙqiy8}Ε}΁ay΁΁҅qLΉҍҡmҍ֑ҁډU}a֙yڝ֝ډ杶qډꥺލޥޕƶή	H*T‡#JHŋ3jȱǏ4Iɓ(S\Ȗ0cʜIM/oɳϟ!GJѣ8"]ʴӞ9JJjǨ= @ ]e	+1KhӪxn<X&r]˷_XX#0ٹ= /ycXÕHb̹0r!B,8hn	da칶QM.XthcG(ݷ++3EYg`|b
,t{&`\lŏNj}X tՀǝ~u߂_bktB?dsƴ@$`(ԉ*"M,((=F4!<ZwFG(R}IЍq@E\BV@]N$d.EIzqB\E@^Y^!]rY_eIi(Ry	]1Ie	V=Нq܌)c1Q表؍j
@IPo%bJ\wZ)P]婩Ӫ\j)rzi묯v{V1(JB*k5-_u+
eu8„m5Yr	g)^
ˑTbkJATrLїm|)Ƚ$\߃\O4<s0LU.+G3>/tBBt$O_d.P~Ƭa1uǬk\^c)Ȱhmvi$6R]5duEl@=@ĝc8zy76eYGf^v{k5BAioVtvjLr8}<11Nݹԧw9YKm+S+^ڪڻAQuZPe3|)zߝxJ}cyR|srt;k9ȼ\*܀^<O {S.I <\dA=Hhb] /$MgJ$1Cp@
# сCYp
)B@FfGd2
!34x"dQUI
AZ5\pBY<50cG؏n.KCExo\QE"B`	)SAo,Z{(6@~yPH5Ћ)O~ʙEQ>=Wv9G*k)%T&-Y$*$@$$S;%+H5)Zt7-f^t"4QM3P^HilN$,9ď=A&*JJCZcqHaBdV51e2m%Od\YBň^D	GK
~bӍT#k)H*RtxrGb̅0y"	q U6zInhP55$Y{[:R0bTOsDZlY jbE#704
Y4zO`"Țv/1a5O.{!OYX礦\Fc?,h8Z|s;<pZVn#6f[o6IoQh#]lj:UqbN`lZv뷿͍6>ahDT߁p#-K(yz։$ |k"j\,F,)bN4LVOR4P	AM?hʯvPF_Ǝ59t{2<]d/l>XE-<?WbKA'4f`J@exWsBY*._i12PrA
 29"q2 ,mRgIbRŭtcPpLtQsfo3A2|Ӡ6?	Wr2FSN.TVMGDK]l(<tA80@Qlc_TЎ]Sh4J
RV:mnO([r)[t*C 4lhZeOxF~<aֻ@cI3Z%+dSHU&i9
.-ozgzG\D@Q^+J]1Xةɼ`>Kj*8-p.lGG&V13Bt"NЉN0<Hҕm[D-)#ix<jz@2{E8l}ۉo̽nVSw\;
(qE[
y!Y	`GC9rO
A^ ^A
hCw?r^*@<իks"3~Eo	!}w+F2Y&}c8j9+9p'>gw3F7G}gcGB\(kr*v;sR
KuS~
Gwwv>5vF,$k>8!hg,D+rڳ+F+-c$47
lІU p(m{x?1qg.GI$JR>&.J8t9ppfXXlmfofRxxO*\g6hc8$DU'|wjG#>f(`3(ilX_d
ʨpSG$b/f
p	`\70QGfS
0ӐhxPp	ϸ7QQ{T/Ӎ
̠(``,s`o6Yـt*+
@l`4	qgi
 ۀ
))oG0#0g
+!"i
@
,\ nf8:<ٓA9DɒVD#O{0@lF
]٘)

P{ iyk	yp	
ېuyow|˰U`iUf-p\)o dg)F
ɖ&C 0\@S"p@9
@n(9wi
nv)
@t9A	4)l}
`
(*I
,1k )iP!+f-٘P$ڣ0odiJ`V9w=_f}I@	>*Ef@Y1`G0w$VJ0S P꣤#ZI
@
)Qpf8p
`75ʜPĐ'nPʨ*PhZA>p
w:jP&Pe~@
P&G9lPp-&phil
ЋfE W\yI	@	En&>,)I4	E
l 2Y6
dzXz +irp&
l
d mg+
pp\[pL 
\{@Jе\K`+Y0_y: -Ko'mp	2ɉs
EZ ;	 fkj"Y0@
U{=p 
Lp0cKd 0nf{@	 
`
ޠP
0w>)
R`9 
Z@+*2`HyV
 `$mY`
۰
*Y`{
izCJߛ@4&Pw`;
P˨poP}a	PXr\g$[h+`˒5l-
rz,CL@8P
@wJ

{?r`}{`t\w&$ɜ*/<)@˜@]fR 	1юf*@*=,
P

}sL
Zp˹\`vdfì֊ppZ{pڶ\˭Μm׳ܦ5	RPL@|
R1 
УdiMπ̜aݨȍ
zK|שQp

YY]`UBM\p טԷSY=vk_-ؚ0ō9
@8
?fE	
6`n؛ݒ`P@ٓ]P	Ĝ̝]pP
FԱx:m-

	QmlP\Y}ɍT
rIy=խ׉`݄gxPۀ=
Qp
A
m}n3lt
P
3vi@N(	)p!	
a0}pv@M%S{p

o7@]@	_p!{ՀNNQ>(nxL\rxl}}
}zi>t _~
f|RnT.蛍
@+0.pZpmJ|wP	.
İ|lpm&PЮD]nFQp-n~g 9N
pd"pܮK0>p	*nP
_*^l0~EYsZ]0
PF=
ԝ	|
>-%(N)

S)i
Ԫ_9Gp_XO .J_ OXo.'W1_ (Ӱg<k	 o?􄯛nFՓ
d@9lo+]oK	TΒiP/@dٽ@{O
n(з K1@OD`󐥉wZp
O
B&*XQV̸Cʈ4`2@GF=~RHQ5R`@-]SL5mn0-!ɏ]&p ]'(GETQ'5`AH<^[$E^>yb&
9#UU
"H꙾%PQZ}gj>
	π}*Rʔ>:j_k3`kX/,lVg|zx1ck#ciSxōf?֐]Y:SPRc0mG߇cm]b@>"IM%Efl9ɢˬ>ަiŀ+-ղa}&-ޫmڰ7R	%
/1y3[03RBd0
 }DIebN\2;[XIad&6jQ'Q|,K2";^ܼ8١J}X)Gl!d7<[K3җ$D0ͤzEAjgӦ:$P^X,
vFA	5s0`PRe.!4=
1ԲpBAxhأTN'AD4haoAMqp5gG4LqqĉdjʝOp2lUg1`0UvC0@%0$
]P,lft}]G7 ^eY9 2BwߥN;`JX,2vd(TiHy63wW LYUYf9)u^k7Chj
+h@p
 {EIƻYYLNK	\,zL(g1a1u݌e6ۦURR@	J(θ
j42o>0:󑗄[iƁYaNHIx"~=jXp4Zy?uF1JcZEntN0Zba=@xw(G<9s=I=["V)dFT&ATL*["ζAyQE=YF)aXw]Av.4Z."d90X9ëp 8S"O,XEѹ}B=(
RPXÉ@zX%Pb> FTl*<EEly:aoHak{	6RrdM!цHtpF6}b1
VM,i1Yn1RPbTRwR\P)a_YH/Җt'E}C<@i2L;!Z`b	`tTؕ3ysGl4Y2lf7H:y-'HH}h)cNwn:J|*<ck0m(dkC|DEn$68=<iG^Ax=S ط(G!7/HӘBuPCCBԐHCG/R3lPN4?:,MbdT{hCJVb;+Mx|㍬F+ZTlh Zc"JPU\դ#E;ltl)gAbGC0U\ZXC
}}|%67bLB*ruKAQXq?u͊iQK^KF=ٛXك/OK_8Gw
apH0Hؠq DopV+WdlH	Q`v-=b>l!	g\C
XMDw|c1{c֧u]k*(PrHbw!2ryZjUy&8'rܙ3>E櫘ɂ9${a
L1+
9=ىXbڙ3Rh;o
~t%mgfI(EcBF5FHS'b	48d"[kwOZ wZ͆w=4 ],( <ZVF=X@ẳuB߁8jl1N}wCx[LjG(>ppD|Ui<1bӀ/bx?y>w*c?mghn}:92yr0sQ2qz}D>!FEQrTX:Ix&`KwBnBC	]~rt5{OJx %&XF7I}p!)ofn/isN%EH|-/D_9SoӋe :L6r@e6pS
U`<ӹАzp8C
>>[2$쀄A/Ӝ~,8?	o*h?@UXE` dE .)迱bhisZ@o>PPЅ7IP߱:p@,`6tC,"99t(xxA -;Ȅg@>@ L[9hq@P;b/!6:/8HZlx,Q@@@>=r_ya$a<S0#>ԧj
P08dH؇CDDAFZ?IDE(`/$s	x@ł`1@+-XLˠŎ#h
kp;ip4ڈDH>|k"Ql<
m\nƐ {X?r,ǹ9JPG6؄z	zLE3It2́H@4TGЃdJII`ʥ4GH>츀i+H#dĐ䈭4	!dJAu2,OxI`C=sGX@G@L(
+pJQX=clHQH@@	k.8KIhpKKh^B,*P8 Hh#Lxd=̎x;d.+gҤ#Y+QDoQD|MGڌ۴"*?3s0TTHɜNΪL76#ȁ#eK$HlOה6G\ܣ}X9qO!pUCNLtȏ70P~CXK@pUƴMTP}0e@QL -0V{">P0E&zF@0hR<S/
0%/
&(34LLPH8J#J>|@ R5SES=m	>S\H({O݈	2cTqI#L1LL΀!ŧPij`UWu	>LU+UQXX^U4iQ00V4=fe<܈|+LT؁
UmU#	6oE5[U$tmTu}P	80cLp{V׎H;<]oՀ;TÑ&u	%Ԓ0|XWʍ(V㈩LُXYpY!8זPXFUqUu	hXl[X'#Xm|֒]ӽ!uz-a[%[X2"u[ۘۻE4=N10fTOu؀OpZنƅϜ5U[Ŷ=
0W|Z|%%ӝV@s؀׎Ω"ɵ]]lݍOxLݎ`u:UCE:L9*^(Wm}[Iިp2`Wp>ӄݳ$|SM^M85_ __rB	>Mx@`}Ҫ}`܀S؇Qp]!`QHU0x5x%^ɂ`$=Ep;hʥ|bJv&oH	
 bUP?XxȂ<~b ()*acZ.^2$ThP hb;=n	OX?&Rn	D0$chYPbȃ0 xZS~'㘠bb5,2@u\0[ђfMf*9er, T&hQan@n	>gXhbDdX Df$veOHXf(c}-[2yXn捨q`^bnPbOp ,Ȃs?	{|i}cVi>^BVC}D&XVfꤦAx
P$1h&c}n5`g@>hi8fcXn	2\OH;ROh@]50NinkǾe̦l\0Y/P_@F x'.v~`gc >~itS&~k,0Nm#!cʦgvyv	XȃxOXnf㖠gzoaF1s<&no5Q(^p?1sH𳵡XXňӰMH(2HoDNI=0IǍ6?sHS8O8T8p/1qr/VrI'"oKFar'83?&4?s?8
:osEr0t,3>4s88ώD"OHR1G
pQx70G6׀>W]u<?8`_tfw`:v9s9׀]Iite׎?tSwK(lpt8KsV{FvI&Htt&w>߂V`Ws3OKwuVovDwIwVK'HKvIgVu3vxhwyXZ&pt6x80tw0QU'vuxhK<wPW{oX@k8Gugs6{|zut7GWO':7{G{_{:kWbŐwPuF@t5O`?@{uwtKV|3u{{swzPGY6{Kpt|thO	$}zMGtG?yGthoIGzzzts&:@T@#B h"ƌ0`ܿ"G,i$ʔ*Wl%̘2Cs`5:w!4eɧ>EabϢў=Gz@ckEFUEHvR^2i7#1>P/.Iio^w3n1O'SXK7s3"{Ol4jnQ6@m6nLPP,‡KZ޲r3o66*jcuݺj2}n<z
F
N
@Jx cp@?]h) 'f@ռGEfHFTqT@F!@$RQ/wUD1ʨ {̈́+pp(bPB'0 tL)9
8&Ia#] 
N<}Am1`Z^	eA11:!%{(i9揅XeEPrꩀ)jdDxh*ؤE^}zPꫩbE*:,L5Rz
*~c*J#`I,4hww⌋B;/+
B=w$2DGWג	pmA$хKR5[/4^B|~|XQaK`-t5sMu$9
J 1\6+]2PD7Y*R),u	%i_80`M8p57=8C4$pl>58e݊ttϺH*D~W0LjI~{ ::"%;Kы7k_&<_d)+=Txǽ=b3
\=j9nJG*wu~+
7<{Vn8T =pL`okuL-q=m,!W^كQMB%F
S]^uD
5t@1*E@"yahZX)r1sh
Pd	nH=6qY>qL#.^,
~NK F>RRV DVHQfTŸC&/,|6$
0G'+R(7Q;̒`b^Lhɂ
^ި4QZ1/DmA
5.G( Z22(B5'@)l6xA6|A 4VPJƝ26ƴB*|
iH	QȀHEc
6xbl&ѝԣ 氊ʴ*2"%SULrp;<maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Connection Security Rule Wizard: Tunnel Endpoints Page - Client-to-Gateway</maml:title><maml:introduction>
<maml:para>Select <maml:ui>Client-to-gateway</maml:ui> on the <maml:ui>Tunnel Type</maml:ui> page if the connection security rule is for a client computer that must communicate with a remote gateway and the computers behind the gateway on a private network. You can use this page to configure the IP address of the remote tunnel endpoint (the gateway) and the computers that are behind the remote tunnel endpoint on a private network.</maml:para>
<maml:para>The following figure shows the components that you can configure by using this wizard page.</maml:para>
<maml:para><maml:embedObject><maml:objectUri href="mshelp://windows/?id=52c6db15-ed4e-415c-a077-ce2a57486732" mimeType="image/gif"><maml:summary></maml:summary></maml:objectUri></maml:embedObject></maml:para>

<maml:procedure><maml:title>To get to this wizard page</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, right-click <maml:ui>Connection Security Rules</maml:ui>, and then click <maml:ui>New Rule</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>On the <maml:ui>Rule Type</maml:ui> page, select <maml:ui>Tunnel</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In <maml:ui>Steps</maml:ui>, click <maml:ui>Tunnel Type</maml:ui>, and then select <maml:ui>Client-to-gateway</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Click <maml:ui>Next</maml:ui> until you reach the <maml:ui>Tunnel Endpoints</maml:ui> page.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Client</maml:title><maml:introduction>
<maml:para>This option is set to <maml:ui>My IP address</maml:ui> and cannot be changed. </maml:para>
<maml:alertSet class="note"><maml:title>Note </maml:title><maml:para>In this scenario, the client computer is serving as the only computer in Endpoint 1 and is also the local tunnel endpoint.</maml:para></maml:alertSet>
</maml:introduction></maml:section><maml:section><maml:title>Gateway</maml:title><maml:introduction>
<maml:para>The gateway is the computer to which the client sends packets that are addressed to a computer in the remote endpoint. The gateway receives a network packet from the client, decapsulates the original packet, and then routes it to the destination computer that is in Endpoint 2. You can specify an Internet Protocol version 4 (IPv4) address, an Internet Protocol version 6 (IPv6) address, or both.</maml:para>
<maml:alertSet class="note"><maml:title>Notes </maml:title><maml:alert>The IP version of the address at each end of the tunnel must match. For example, if you specify an IPv4 address at one end, then the other end must also have an IPv4 address. You can specify both an IPv4 and an IPv6 address, but if you do so at one end, then you must also do so at the other end. Also, you must specify the same version of IP for both the remote tunnel endpoint (the gateway) and the remote endpoints behind the gateway.</maml:alert><maml:alert>The gateway computer is referred to as the remote tunnel endpoint on the <maml:ui>IPsec Tunneling Settings</maml:ui> dialog box, in the Netsh command-line tool, and if you select <maml:ui>Custom configuration</maml:ui> on the <maml:ui>Tunnel Type</maml:ui> page.</maml:alert></maml:alertSet>

</maml:introduction>
</maml:section><maml:section><maml:title>What are the remote endpoints?</maml:title><maml:introduction>
<maml:para>The remote endpoints are the computers at the remote end of the tunnel, on the other side of the gateway, that must be able to send data to and receive data from the client. Click <maml:ui>Add</maml:ui> to add an individual IP address, an IP subnet address, an IP address range, or a predefined set of computers by using the <maml:ui>IP Address</maml:ui> dialog box. To change an entry in the list, select the item, and then click <maml:ui>Edit</maml:ui>. To remove an entry, select the item, and then click <maml:ui>Remove</maml:ui>.</maml:para>
<maml:alertSet class="note"><maml:title>Note </maml:title><maml:para>The gateway computer is referred to as the remote tunnel endpoint on the <maml:ui>IPsec Tunneling Settings</maml:ui> dialog box, in the Netsh command-line tool, and if you select <maml:ui>Custom configuration</maml:ui> on the <maml:ui>Tunnel Type</maml:ui> page.</maml:para></maml:alertSet>
</maml:introduction></maml:section><maml:section><maml:title>How to change these settings</maml:title><maml:introduction>
<maml:para>After you create the connection security rule, you can change these settings in the <maml:ui>Connection Security Rule Properties</maml:ui> dialog box. This dialog box opens when you double-click a rule in <maml:ui>Connection Security Rules</maml:ui>. To change the computers that are accessible behind the remote tunnel endpoint, use the <maml:ui>Computers</maml:ui> tab and configure the settings for <maml:ui>Endpoint 2</maml:ui>. To change the remote tunnel endpoint (the gateway), from the <maml:ui>Advanced</maml:ui> tab, under <maml:ui>IPsec Tunneling</maml:ui>, click <maml:ui>Customize</maml:ui>, and then modify the <maml:ui>Remote tunnel endpoint</maml:ui>.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Connection Security Rule Wizard</maml:linkText><maml:uri href="mshelp://windows/?id=2318ec3c-e196-4a43-9d79-70ca7c52194a"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Dialog Box: Customize IPsec Settings</maml:title><maml:introduction>
<maml:para>Use this dialog box to configure the Internet Protocol security (IPsec) main mode key exchange and quick mode data protection settings used for all IPsec negotiations. You can also configure the default authentication settings used whenever a connection security rule uses the <maml:ui>Default</maml:ui> settings.</maml:para>
<maml:alertSet class="important"><maml:title>Important </maml:title><maml:alert>If you are configuring Windows Firewall with Advanced Security on the local computer and you select <maml:ui>Default</maml:ui> for any of the settings, any Group Policy objects (GPOs) that apply to this computer can specify the settings.</maml:alert><maml:alert>If you are configuring a GPO and you select <maml:ui>Default</maml:ui> for any of the settings, any GPOs of higher precedence that apply to this computer can specify the settings.</maml:alert></maml:alertSet>

<maml:procedure><maml:title>To get to this dialog box</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, in <maml:ui>Overview</maml:ui>, click <maml:ui>Windows Firewall Properties</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Click the <maml:ui>IPsec Settings</maml:ui> tab.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Under <maml:ui>IPsec defaults</maml:ui>, click <maml:ui>Customize</maml:ui>.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Key exchange (Main Mode)</maml:title><maml:introduction>
<maml:para>Key exchange settings you select here apply to all connection security rules. To ensure successful and secure communication, IPsec performs a two-phase operation to establish a secured connection between the two computers. Confidentiality and authentication are ensured during each phase by the use of integrity, encryption, and authentication algorithms that are agreed upon by the two computers during security negotiations. With the duties split between two phases, key creation can be accomplished quickly.</maml:para>
<maml:para>During the first phase, the two computers establish a secure, authenticated channel, called the main mode security association (SA). The main mode SA is then used during the second phase to allow secure negotiation of the quick mode SA. The quick mode SA specifies the protection settings for matching TCP/IP data transferred between the two computers.</maml:para>
</maml:introduction>
<maml:sections><maml:section><maml:title>Default</maml:title><maml:introduction>
<maml:para>Select this option to use the key exchange settings that are installed by default or configured as defaults through Group Policy. This setting is used for all key exchanges. For more information, see <maml:navigationLink><maml:linkText>Default Settings for Windows Firewall with Advanced Security</maml:linkText><maml:uri href="mshelp://windows/?id=41646515-247f-4ce4-a9fd-600bd90ae773"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction></maml:section>

<maml:section><maml:title>Advanced</maml:title><maml:introduction>
<maml:para>Select this option to specify the key exchange settings that are applied to all key exchanges. This setting overrides the installed defaults. After selecting this option, click <maml:ui>Customize</maml:ui> and use the <maml:ui>Customize Advanced Key Exchange Settings</maml:ui> dialog box to select the settings to use.</maml:para>
</maml:introduction></maml:section>
</maml:sections>
</maml:section><maml:section><maml:title>Data protection (Quick Mode)</maml:title><maml:introduction>
<maml:para>Data protection settings you select here apply to all connection security rules created using the Windows Firewall with Advanced Security MMC snap-in. If you need to create a connection security rule with custom data protection settings, then you must create the rule by using the <maml:ui>netsh advfirewall consec</maml:ui> context. For more information, see <maml:navigationLink><maml:linkText>Netsh Commands for Windows Firewall with Advanced Security</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?linkid=111237"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?linkid=111237).</maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title>Default</maml:title><maml:introduction>
<maml:para>Select this option to use the data integrity and encryption settings that are installed by default or configured as defaults through Group Policy. For more information, see <maml:navigationLink><maml:linkText>Default Settings for Windows Firewall with Advanced Security</maml:linkText><maml:uri href="mshelp://windows/?id=41646515-247f-4ce4-a9fd-600bd90ae773"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction></maml:section>

<maml:section><maml:title>Advanced</maml:title><maml:introduction>
<maml:para>Use this option to specify data integrity and encryption settings that are available for negotiating the quick mode SA. This setting overrides the installed defaults. After selecting this option, click <maml:ui>Customize</maml:ui> and use the <maml:ui>Customize Data Protection Settings</maml:ui> dialog box to select the data protection settings to use.</maml:para>
</maml:introduction></maml:section>
</maml:sections>
</maml:section><maml:section><maml:title>Authentication method</maml:title><maml:introduction>
<maml:para>Authentication method settings you select here apply only to connection security rules that have <maml:ui>Default</maml:ui> selected as the authentication method.</maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title>Default</maml:title><maml:introduction>
<maml:para>Select this option to use the authentication settings that are installed by default or configured as defaults by using Group Policy. For more information, see <maml:navigationLink><maml:linkText>Default Settings for Windows Firewall with Advanced Security</maml:linkText><maml:uri href="mshelp://windows/?id=41646515-247f-4ce4-a9fd-600bd90ae773"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction></maml:section>

<maml:section><maml:title>Computer and User (Kerberos V5)</maml:title><maml:introduction>
<maml:para>Select this option to use both computer and user authentication with the Kerberos version 5 protocol. The use of this option is equivalent to selecting <maml:ui>Advanced</maml:ui>, choosing <maml:ui>Computer (Kerberos V5)</maml:ui> for first authentication and <maml:ui>User (Kerberos V5)</maml:ui> for second authentication, and then clearing both <maml:ui>First authentication is optional</maml:ui> and <maml:ui>Second authentication is optional</maml:ui>.</maml:para>
</maml:introduction></maml:section>

<maml:section><maml:title>Computer (Kerberos V5)</maml:title><maml:introduction>
<maml:para>Select this option to use computer authentication with the Kerberos version 5 protocol. The use of this option is equivalent to selecting <maml:ui>Advanced</maml:ui>, choosing <maml:ui>Computer (Kerberos V5)</maml:ui> for first authentication, and then selecting <maml:ui>Second authentication is optional</maml:ui>.</maml:para>
</maml:introduction></maml:section>

<maml:section><maml:title>User (Kerberos V5)</maml:title><maml:introduction>
<maml:para>Select this option to use user authentication with the Kerberos version 5 protocol. The use of this option is equivalent to selecting <maml:ui>Advanced</maml:ui>, choosing <maml:ui>User (Kerberos V5)</maml:ui> for second authentication, and then selecting <maml:ui>First authentication is optional</maml:ui>.</maml:para>
</maml:introduction></maml:section>

<maml:section><maml:title>Advanced</maml:title><maml:introduction>
<maml:para>You can use this option to create a method that is specific to your needs. If you select this option, you must click <maml:ui>Customize</maml:ui> and then use the <maml:ui>Customize Advanced Authentication Methods</maml:ui> dialog box to specify the authentication methods to use. </maml:para>
</maml:introduction></maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content><maml:relatedLinks type="seeAlso"><maml:title>See Also</maml:title><maml:navigationLink><maml:linkText>User Interface: Windows Firewall with Advanced Security</maml:linkText><maml:uri href="mshelp://windows/?id=c243c092-48c6-4073-9b19-b9c98c931582"></maml:uri></maml:navigationLink></maml:relatedLinks></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Connection Security Rule Wizard: Requirements Page</maml:title><maml:introduction>
<maml:para>Use the settings on this wizard page to specify how authentication is applied to inbound and outbound connections that match this connection security rule. If you request authentication, then the connection is allowed even if authentication fails. If you require authentication, then the connection is dropped if authentication fails.</maml:para>
<maml:para>Use the <maml:ui>Authentication Method</maml:ui> page of the wizard to configure the credentials used for authentication.</maml:para>
<maml:para>Some of the following options appear only when you are configuring certain rule types.</maml:para>

<maml:procedure><maml:title>To get to this wizard page</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, right-click <maml:ui>Connection Security Rules</maml:ui>, and then click <maml:ui>New Rule</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Click <maml:ui>Next</maml:ui> until you reach the <maml:ui>Requirements</maml:ui> page.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Request authentication for inbound and outbound connections</maml:title><maml:introduction>
<maml:para>Select this option to specify that all inbound and outbound traffic is authenticated if possible, but that the connection is allowed if authentication fails. Because a failed authentication does not block the connection, this option alone does not keep unauthenticated computers from connecting. This option is typically used in either a low-security environment or an environment with computers that must be able to connect, but cannot perform the types of authentication available with Windows Firewall with Advanced Security. In a server and domain isolation environment, this option is typically used for computers that are in the boundary zone.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Require authentication for inbound connections and request authentication for outbound connections</maml:title><maml:introduction>
<maml:para>Select this option to require that all inbound traffic is authenticated. If inbound traffic fails authentication, then the connection is blocked. Outbound traffic is authenticated if possible, but the traffic is allowed if authentication fails. This option is most often used in IT environments in which the computers that must be able to connect can perform the types of authentication available with Windows Firewall with Advanced Security. In a server and domain isolation environment, this option is typically used for client computers that are part of the main isolation zone in the domain.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Require authentication for inbound and outbound connections</maml:title><maml:introduction>
<maml:para>Use this option to require that all inbound and outbound traffic is authenticated. If any network traffic fails authentication, then it is blocked. This option is typically used in higher-security IT environments where traffic flow must be secured and controlled and where the computers that must be able to connect can perform the types of authentication available with Windows Firewall with Advanced Security. In a server and domain isolation environment, this option is typically used for servers in the main isolation zone in the domain.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Require authentication for inbound connections. Do not establish tunnels for outbound connections</maml:title><maml:introduction>
<maml:para>Use this option when creating a tunnel mode rule on a computer that serves as a tunnel endpoint for remote clients, to specify that the tunnel only applies to inbound network traffic from the clients. The server can make outbound connections that are not affected by this rule.</maml:para>
<maml:alertSet class="note"><maml:title>Note </maml:title><maml:para>This option appears only when you select <maml:ui>Tunnel</maml:ui> on the <maml:ui>Rule Type</maml:ui> page and either <maml:ui>Custom configuration</maml:ui> or <maml:ui>Gateway-to-client</maml:ui> on the <maml:ui>Tunnel Type</maml:ui> page.</maml:para></maml:alertSet>
</maml:introduction></maml:section><maml:section><maml:title>Do not authenticate</maml:title><maml:introduction>
<maml:para>Use this option to create an authentication exemption rule for connections to computers that do not require Internet Protocol security (IPsec) protection.</maml:para>
<maml:alertSet class="note"><maml:title>Note </maml:title><maml:para>This option appears when you select <maml:ui>Custom</maml:ui> on the <maml:ui>Rule Type</maml:ui> page or when you select <maml:ui>Tunnel</maml:ui> on the <maml:ui>Rule Type</maml:ui> page, and then select either <maml:ui>Custom</maml:ui> or <maml:ui>Client-to-gateway</maml:ui> on the <maml:ui>Tunnel Type</maml:ui> page.</maml:para></maml:alertSet>
</maml:introduction></maml:section><maml:section><maml:title>How to change these settings</maml:title><maml:introduction>
<maml:para>After you create the connection security rule, you can change these settings in the <maml:ui>Connection Security Rule Properties</maml:ui> dialog box. This dialog box opens when you double-click a rule in <maml:ui>Connection Security Rules</maml:ui>. To change the authentication requirements for this rule, click the <maml:ui>Authentication</maml:ui> tab.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Connection Security Rule Wizard</maml:linkText><maml:uri href="mshelp://windows/?id=2318ec3c-e196-4a43-9d79-70ca7c52194a"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual>GIF89adp,d$$$$(i0$0<000488<<<@<<<@0@PDDHD@@@DHHLPL8La L<Le(P00$U]PPP(U,Ui0Y8<eD]u0]i0aU]m4au8a<aDL4eLe}aaa@eq8iPiDiPmiiiuHm<qLmYePqYuPu(}UuuuuUyYyL}qy}Y}i}]}a}}}aaeUe@i…yYii $qqʍUy0equ4iޕ}΁@}]y΅q杝ҍҡ}PqҙΑ}aօ殮֝ڑ慺ډyޥޕΥ	H*\ȰÇ#JLfŋ3jȱǏ C ɓ(S\2$ɖ0cʜI&͗6sɳN>
JhCF*]ʴ%ҦPJ(	pC(<OKVa70)ABb-K]pK`A&3s%֮FʍE+0`۫ a=#x+SΠ+)Z{í
W*q7X
"_ξ=Krź0ǎڭn9ũqi][ނGZF,IrYZ@|u?x\,(h֖s bvh Zzp5H^
hu3'?
$qliqWupT
+"iDqA,Ar%BmiNᩧ]^f$&9P{ZDrjQ,iMAiP7M@B&iA3|rFJ!
jAA%Ȋl@xa6rUA
i6+T	Ɖ1'rf}׮4@*z||pDz:NJ;b:'iABn.f''#˻ss^sZn0z(,@0cګQ+~aK/eT.},.dY<hFtAڂc,b/u XǶl-ave3kQOBfQDlbcͦހ+tQ}wex7ҧm<gP9Z` ͸Dk1O
1`z,'pu#	$;m	.;}nj[{q%cz'*<i[_D|0[
.H]ꘆ8(=җo@cV+뛡{¨ucJwqdWq E-)cCX?گHH^<c^^DG?y~ʊ<.J-a#l1[	E{7.	pmQ6oZcLE1!d<Q5%`h6B
WcQ.<d ıyl @'$'II F㞴	:!L*W`
 rh$QXC uC)xAL^p#!(&/ZL!A
~؅.%!9p.։W+؉Z3?RAd
֠
)<X[5Etp&,@s)Bxq{SHGJҒ5~b_@$`?<c*IydNr	A$g!(/1j@0T቉=!S-(pj7',|*9Ƀ5DZ`@v"Q
=`B'1k"}g "&4яVᯒd8s,XB‚jZSz$gn*d0B$[p%:tKhW/~.Xn$Csc,.d`}cp^"Ը#d šBMnC$oQ7?A
'(
q7nK<P|@3BZݲ=+_`&(sx:Љ u`nȺh$xk76@;;8`"9CYp:^F2Irr6J`r]D-2YlI882UNG:~!xl]H_Axȁ&vbXCZҝx!GJZT"~)$]B$@t ]F?
(qH gI۳jhϑA)ޱ (k'zHpmco<F5{(8SЊp69@Fo1e>lDb(x\a dkxA׸HgVgqDԩ
<E@wC	)z<k1H\Ph(#Za=2(XC$pvJ?Nm('xwByJ<[EݝH6۴
2uTA4,yK_'-0;j4s_/QpqϼB}%-sɪ/`B#0[IAumk"RG]i!O=d-(@>KȆ%xVHԚ"	R#@oe\Q"z|'Ig߷[qhNp};@H܇trIw?P+AzSΡ?x/h2Tb&Q0}hRm@
0
vHWP'~&#wB}a1$.1+.h2"|+w"ǃ^GgIP
R%c~p0k$
NN P E0	~聲e3P~Y2@g$ri7#::53r($/Uby:2@~OP}<wրyQ#"a	Zh
0b(+%% 'a+3Kt Y5cY+yPh؋d`	¸f
P"PsG EQxfQawd	RE=poO
OsPZpQBf4zG&E9@p0
Y%
Iz	s"0ȁ
:Y5W>h@i)
@R叅K9UpƐ^p4	SsRpfnmvѲe jNn	LIwI4%u	(
;rQc+|9Uu*bjpC	R3Ɂ@	q9)OJI0
I p	C	a`a7	J,A5R:S%r7a;:%*C8	hS3Z;O2Sq	YYqMP\*JA0񍹡<`Z{;1z,#^=9BB3B-)=(
A	ț#[%z}d
)F2'pݑ:Sb3?c/L)85&8z^zϐdgcjReD[(}Ԁi6`00r!2+Jp)j:I
VU 6	Ɍt
HՈF1!4)ª"|B~*ss yzZ3z
MIx#dH@=Ab#Gj21nxj4z yh0*YYv@_iw<Cz?Q;vezYB$jD!’uqQh0[U)˪q	OY>@KD@
E،J
hIPkE61ބ@\;
*׬H{ƥ
QqUeZ4qO1j[
q$Z;e/I
ZHf}@2:A9'{334}`kR`M^[ymvkay+µ_p;;E#RBDv
K;R$Р_T~ht{mKN뼑tJw3N'r%<$W;=1MB
KRmꊈpw@v2Fx\Fо
˥i<1$ *ԽճJ ÷W*9E~
0"&lpI~ȟlФej
*b>Z4a9:~sͰ	iR%
'ȗ~O# OhhKVǬB$$ڻA,|WYŐl@R`ِ@EPՀ$5x9@B	;ɣg&%
`+<:"pX`#
ՙy(rWU=hH#K%=T̷˿|^LU`+Pr-a[HK
 .4z<G-ka%b:ܳ<==N=k
Mp@i
`@5m"`%%		
Brj0HSP qW
F
`Ѐy@
	:0נ}9	2y-Um`Y 
ڇP K_iл#`Vpم
@F
-ڽ	KRb`@	` Ը`=w$	AM+	P1mM	@u@s0I#x	p^߆- \kaKmN``.s plVpP,^Hn]{3`[
(ne?͵{
)pS^pءA	?W@R>Vnt[sA
`x+I
PJtJIt@MUpK0aOp(^YaLB^yn懝lPQJJ  qAFأn@	V.ދ.Ru$
N~函J!-	Y둤gp
N~cXt@0!\k`
nN
O]
ծP50p$
@5=
2?tc2altP
ִ@NF?O0n,IE6I_V@	ڂN]~=d_fh?П`v"%NlP@Ozz`l@^%
@O\4ٓ=Fy
RHrmӰU`@	f@_?*06v`!a,TnxaiP
۬,ΚPq e@	ް
o^zNOfؐ'-5B@@R3PPxOD-^837H%M<8?n48>/L5%q#PTP
9hO[	(tхT'VʸS5+~Ȕ9?@f$~83m^Cp*GYC6/S*:k0x98'UXΠ#UMƉQ::mѤNaթy5gr(͈['lRec늽}
*#K
͟O"U~psZ?hj6*fxs·߶@	BK
Pp►x󭺬\Gtj35iE3сjp(Q%g?#'Ϣ$&F@AJ,,<d0D"/S$컌4У{$'Ooɓ}EN gj}(m42Ɋ8D4p12R ./K*j2$N Xs	b02e5N(qFpqF!GR[8SHMJY)a2@a&rAVChToR
(U2$0$	ݤl'Ɵm,}͙?]a,҆$x2(	M<]5q,D"{?w0 3 ~۴Ǟ`Ŝ y`(2)[T1`~N8Qu{vy$ԙA89À1	I@nO[5	J$	i_1VBTnP##z>1w,m
H;6j~7PKq09!l41fPg[z	*w(ǚ.+z{a58	}aۃG|]!5Q^ l,x7C~pQ/A&}
L""Au
J0H
$g"DCR62e!Vq V%ǛUH]%vp
Pp78( "J!<" X 2`#XQ0r>Ml;d0dQ:>ADe$CxD4uŁ8":<?xcB%Py ( 	x#IiFx#0)=c#rwo!<.DmnJɝ6f0ePBX`{(@AtD3Q7HOzC"aps1xv&.D<(awXBkfS5
R}e,ňRfWvwW7z_c$2rB4k~muk<@~rjVJqة;0
$MFKBBذrՄ
6(ZnnH:xQ&E0r뒚Xā@D-Dأ԰]!hvUđj`ߨhGU``S+Qs/[{
y((ꛇ3dJ0hk6\l$-4`>@	Ht^^tgXg.r
^=c<*19Bb86,,b
A^;p)zs<1cZ( 	{ANjc-O/]O|RgB0AhF7i?`v8-3{ܫeC>ۈ
 mbd]U}>L@0uqLҗv!Q
l¢Wj9p$^{0y&=,؂\_:/	m!H
hȩ%wexpDʆG1D]q{$8M21xĻ.`5񦈝E(giAIKJݨM0'&9QttAТw wI^py#3r1zgт[uN:GJn'dDⱤN<-o+ɘF/?Hu_gP	.>1h	턐
7^(3iT!'Cg؉j\ԃ#G鎇HnK;=~!H$=<~&%vrc?YT}}T%<yc5o>MKɲ@EMrB+D_	{h؉06:	>?У!U]@S0$tP%A8п-oy@HO	:<	,4S`$qX3hD<2D&),3<HԿ3LC-$34Ԟ3B/-883>=ؼs@'(	2qXbš`.B-A[	8A\M,D 0AWCܢ)EDAPH&@X6+ElFtDHYĐ'B(Aő_0\(1D&4	\?bb0t!F8F[ALAP8<HǃTyb2H1"E1DHhC	%	F|D
K&K')GcT|̠N(07Vt/4c|DZAyCB@ *Ɋ4JI<V'YF0
(C!oS2`GrG;zʢI0WʻUH+ʿ4AܨʾJ<EeȌ~𫰤F$>;FI:pI7INE3ʩLE$NL*<J2D`̓tͨEzdLZMPNdA	f9DKFt@MH˚DķɂA"JfHlH2*&#Ic?LLbZt2<ǂt̆D#}/2rcMI7!|,L=Iϕ4
F`#aE$&WYA|D/Ŀ=HeEÇtE&]?N@PD@pX'8LNPL2AO4*txKB8=@HF(S"A7=6d3
5
E\ӜaX1¹̲%<
ф4DT/UT`TkH:bFKɱҲ)]!iDL.<ό1884Ne"5BӰRUF'dbc4AZVThUa d5)V`:6Hnq%F3W5DDb01
@Eh##;IҩJ#Q)B\m5npWrg(XZp-2CC3	5YP%d3
3ۛ!d0YȀ{wP)+mӈX%	02"##:9*Hb#/T# 	J"c2"Sx@q[Zƒ-{Qȏ=
mԬ2Jdg:/%y/	A/9wj5=\qMqp\D]jM׊P%jVɨC0%"JZY;jAVf,'^mD}5^9?\8: e^o^/ʃ]݌¨_-*_*	͘ȺŒ}5CJ	&NE*EY5ǪQ8#'̬M؄=߰03؂QѐUhܚUF[_*06FSg/ڍV8Z])Hbu@mb
C80;`&Ņ!C3rR`u[؈1 ʑ䑐d }pa˹0?AK[J"aFbH@]YML.YeRW^ݡYF68aGb]6	I^`h+amJNfG&nwѱ=}(ۥbhp~gf
aon.pP[k6xtjgGNnYwW$X%V~9p*h%f=++96{^8X&Z	朔; $hZ
1mV@Nw&	NiwbiHXX&1Rg
DZ顰ek4tFX(x+WYH.k)~\j胗sڻk⣄}As(xr嫐Nxޏ0j0FZ8F4Y^:hZ	fHF
hþmQ@qȁp QVX0妈OhSp꓀jTPK0(l;@:
o.{1>븞0nG3	6
m`{Xpΐn;Q
%=@m؁
pr()3sv
o q8}QlgrȬP0haj~P/@f
gHq'a8G=߮򉰅؆rj@ܪxВ3OoXsAahy:s?wj?Z@IB7x1,h]fA	0t@vJxX\tM uS?BWјq0QWYV@A]sYHbКPHUsh*Rk/xXNVȆ-lSjHg!r7A]uΘe:B*ԘjOwj;rmQj`hEf@666ta\XowzR
"1x{3؇ZLldywvr[Hg,phj83Hkԡ/iF_уVk\P׃+h-~(\~czP>[wQL3jy?u_Nx>^ Bx5oEhrz8]Q/ E(Z'=,Xx9satöԯ}Fx;Tpw`,h „

'R>d4ӇsE2ʔ*WlҔ~4HL |V'F[_2N A@mDUrE_s%ڴjײmRԲp`Q׼zUI+xA~9'q_ܺD匞a+x3'U}2u
U*UX
hk;3k9n)‡o)*{rP|"6N[51/PHdYW3>DG-Ě>2jK9TLDUWe5 D305W5t
%xbB€EJh=C7x#c9(AQhm
saQ9 krPAl
҆tœQDFt8Ԣ!M8emW<CGDp&蹧gWODV\.ly*Y&Q
gO6Π&*5GY:)'A!Dٺ_k=>R֨	F*t<qDBRM?X̧
5s#F0kă,"AȬ9nOA&$ޖ&"X3qBgEp#35-͂4ԄO5ԑp'<,'LL;%ɶD"844.XcKXJO0"dUk]rH2?նiskBX1:o7/EOv”WT-QD_g6x~[<D
jѡ
Փ*gn@\sx⿸e7
Ar	٣KWtf3=V'ɓ.x\OciB.D-`ָOZ|Q+կ8CL5>(H+#e	^J^?5`j0$,m`.}A>-Rn?_sC\B.<._!t;|"ClE0Dw$@D0EfdRſiB=pvcҨ5AAAzL'G`W|$ IyC`!tr/H,Q,R`t JT#(O]e7j	&9J`Lr@8A&A5!dC,pMĤ/	Ƀ$/S)`CG7 X($"aG@!@? 	rʒph:N5c<	Jp6t L`B,bX!&`Y4gJqӌ
dGÐJLP(,!SI<KST 5H-Ej@*ֱuS*Z҃3'%HK:˃&?o)^ 
+`\<"X@JqO⌅<V	0UkcP군%%)YYyȡL g7P0,$Y9dڄY:Lgז=.r2(Zs+]@wֽBrWt2W=i͋
8n@;<maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Connection Security Rule Wizard: Tunnel Endpoints Page - Gateway-to-Client</maml:title><maml:introduction>
<maml:para>Select <maml:ui>Gateway-to-client</maml:ui> on the <maml:ui>Tunnel Type</maml:ui> page if the connection security rule is for a computer that will be the local tunnel endpoint (gateway) to the computers on a private network. You can use this page to configure the IP addresses of the remote clients that can establish a tunnel to this gateway, and the computers that are behind the gateway on the private network.</maml:para>
<maml:para>The following figure shows the components that you can configure by using this wizard page.</maml:para>
<maml:para><maml:embedObject><maml:objectUri href="mshelp://windows/?id=35a693e7-9134-418a-9c80-17f6d60c08e6" mimeType="image/gif"><maml:summary></maml:summary></maml:objectUri></maml:embedObject></maml:para>

<maml:procedure><maml:title>To get to this wizard page</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, right-click <maml:ui>Connection Security Rules</maml:ui>, and then click <maml:ui>New Rule</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>On the <maml:ui>Rule Type</maml:ui> page, select <maml:ui>Tunnel</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In <maml:ui>Steps</maml:ui>, click <maml:ui>Tunnel Type</maml:ui>, and then select <maml:ui>Gateway-to-client</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Click <maml:ui>Next</maml:ui> until you reach the <maml:ui>Tunnel Endpoints</maml:ui> page.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>What are the local endpoints? </maml:title><maml:introduction>
<maml:para>The local endpoints are computers on the private network behind the gateway that must be able to send data to and receive data from the remote client through the tunnel. Click <maml:ui>Add</maml:ui> to add an individual IP address, an IP subnet address, an IP address range, or a predefined set of computers by using the <maml:ui>IP Addresses</maml:ui> dialog box. To change an entry in the list, select the item, and then click <maml:ui>Edit</maml:ui>. To remove an entry, select the item, and then click <maml:ui>Remove</maml:ui>.</maml:para>
<maml:alertSet class="note"><maml:title>Note </maml:title><maml:para>The local endpoints are referred to as Endpoint 1 on the <maml:ui>IPsec Tunneling Settings</maml:ui> dialog box, in the Netsh command-line tool, and if you select <maml:ui>Custom configuration</maml:ui> on the <maml:ui>Tunnel Type</maml:ui> page.</maml:para></maml:alertSet>
</maml:introduction></maml:section><maml:section><maml:title>Gateway</maml:title><maml:introduction>
<maml:para>The local tunnel endpoint is the computer to which the remote client sends packets that are addressed to a computer in Endpoint 1. The local tunnel computer receives a network packet from the remote client, decapsulates the original packet, and then routes it to the destination computer that is in Endpoint 1. You can specify an Internet Protocol version 4 (IPv4) address, an Internet Protocol version 6 (IPv6) address, or both.</maml:para>
<maml:alertSet class="note"><maml:title>Note </maml:title><maml:para>The IP version of the address at each end of the tunnel must match. For example, if you specify an IPv4 address at one end, then the other end must also have an IPv4 address. You can specify both an IPv4 and an IPv6 address, but if you do so at one end, then you must also do so at the other end. Also, you must specify the same version of IP for both the local tunnel endpoint (the gateway) and the local endpoints behind the gateway.</maml:para></maml:alertSet>
</maml:introduction>
</maml:section><maml:section><maml:title>Client</maml:title><maml:introduction>
<maml:para>This option is set to <maml:ui>Any IP address</maml:ui> and cannot be changed. The client computer in this scenario is both the remote tunnel endpoint and the only computer in Endpoint 2.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>How to change these settings</maml:title><maml:introduction>
<maml:para>After you create the connection security rule, you can change these settings in the <maml:ui>Connection Security Rule Properties</maml:ui> dialog box. This dialog box opens when you double-click a rule in <maml:ui>Connection Security Rules</maml:ui>. To change the computers that are accessible behind the local tunnel endpoint, use the <maml:ui>Computers</maml:ui> tab and configure the settings for <maml:ui>Endpoint 1</maml:ui>. To change the local tunnel endpoint (the gateway), from the <maml:ui>Advanced</maml:ui> tab, under <maml:ui>IPsec Tunneling</maml:ui>, click <maml:ui>Customize</maml:ui>, and then change <maml:ui>Local tunnel endpoint</maml:ui>.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Connection Security Rule Wizard</maml:linkText><maml:uri href="mshelp://windows/?id=2318ec3c-e196-4a43-9d79-70ca7c52194a"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Connection Security Rule Wizard: Tunnel Type Page</maml:title><maml:introduction>
<maml:para>IPsec tunnel mode is used primarily for interoperability with routers, gateways, or end systems that do not support Layer Two Tunneling Protocol (L2TP)/Internet Protocol security (IPsec) or Point-to-Point Tunneling Protocol (PPTP) VPN tunneling. IPsec tunnel mode is supported only in gateway-to-gateway tunneling scenarios and for certain server-to-server or server-to-gateway configurations. IPsec tunnel mode is not supported for remote access VPN scenarios. L2TP/IPsec or PPTP should be used for remote access VPN connections.</maml:para>
<maml:para>An IPsec tunnel must be defined at both ends of the connection. At each end, the entries for the local tunnel computer and remote tunnel computer must be swapped (because the local computer at one end of the tunnel is the remote computer at the other end, and vice versa).</maml:para>
<maml:para>Use Windows Firewall with Advanced Security to perform Layer 3 tunneling for scenarios in which L2TP cannot be used. If you are using L2TP for remote communications, no IPsec tunnel configuration is required because the client and server VPN components of this version of Windows create the rules to secure L2TP traffic automatically.</maml:para>
<maml:para>Use this wizard page to configure the type of IPsec tunnel that you want to create. An IPsec tunnel is typically used to connect a private network behind a gateway to either a remote client or a remote gateway with another private network. IPsec tunnel mode protects a data packet by encapsulating the entire data packet inside an IPsec-protected packet and then routing the IPsec-protected packet between the tunnel endpoints. When it arrives at the destination endpoint, the data packet is extracted and then routed to its final destination.</maml:para>

<maml:procedure><maml:title>To get to this wizard page</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, right-click <maml:ui>Connection Security Rules</maml:ui>, and then click <maml:ui>New Rule</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>On the <maml:ui>Rule Type</maml:ui> page, select <maml:ui>Tunnel</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In <maml:ui>Steps</maml:ui>, select <maml:ui>Tunnel Type</maml:ui>.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Custom configuration</maml:title><maml:introduction>
<maml:para>Select this option to enable all of the endpoint configuration options on the <maml:ui>Tunnel Endpoints – Custom Configuration</maml:ui> page. You can specify the IP addresses of the computers that serve as the tunnel endpoints and the computers that are located on private networks behind each tunnel endpoint. For more information, see <maml:navigationLink><maml:linkText>Connection Security Rule Wizard: Tunnel Endpoints Page - Custom Configuration</maml:linkText><maml:uri href="mshelp://windows/?id=85c69539-f0c0-474c-9860-d220293ab2d6"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Client-to-gateway</maml:title><maml:introduction>
<maml:para>Select this option if you want to create a rule for a client computer that must connect to a remote gateway and the computers behind the gateway on a private network. </maml:para>
<maml:para>When the client sends a network packet to a computer on the remote private network, IPsec embeds the data packet inside an IPsec packet that is addressed to the remote gateway address. The gateway extracts the packet and then routes it on the private network to the destination computer.</maml:para>
<maml:para>If you select this option, then only the public IP address of the gateway computer and the IP addresses of the computers on the private network can be configured. For more information, see <maml:navigationLink><maml:linkText>Connection Security Rule Wizard: Tunnel Endpoints Page - Client-to-Gateway</maml:linkText><maml:uri href="mshelp://windows/?id=63138fa3-9f09-4684-89cb-c44306ee3763"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Gateway-to-client</maml:title><maml:introduction>
<maml:para>Select this option if you want to create a rule for a gateway computer that is attached to both a private network and a public network from which it receives network traffic from remote clients.</maml:para>
<maml:para>When the client sends a network packet to a computer on the private network, IPsec embeds the data packet inside an IPsec packet that is addressed to the public IP address of this gateway computer. When the gateway computer receives the packet, it extracts the packet and then routes it on the private network to the destination computer.</maml:para>
<maml:para>When a computer on the private network needs to reply to the client computer, the data packet is routed to the gateway computer. The gateway computer embeds the data packet inside an IPsec packet that is addressed to the remote client computer, and then routes the IPsec packet over the public network to the remote client computer.</maml:para>
<maml:para>If you select this option, then only the addresses of computers on the private network and the public IP address of the gateway computer can be configured. For more information, see <maml:navigationLink><maml:linkText>Connection Security Rule Wizard: Tunnel Endpoints Page - Gateway-to-Client</maml:linkText><maml:uri href="mshelp://windows/?id=70d0c763-d3a3-486d-9f91-e213831f2485"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Exempt IPsec-protected connections</maml:title><maml:introduction>
<maml:para>Sometimes a network packet might match more than one connection security rule. If one of the rules establishes an IPsec tunnel, you can choose whether to send the packet through the tunnel or to send it outside of the tunnel, protected by the other rule.</maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title>Yes</maml:title><maml:introduction>
<maml:para>Select this option if the connection is already protected by another connection security rule and you do not want the network packet to go through the IPsec tunnel. Any network traffic that is protected by the Encapsulating Security Payload (ESP) protocol, including ESP Null, is prevented from traversing the tunnel.</maml:para>
</maml:introduction></maml:section>

<maml:section><maml:title>No</maml:title><maml:introduction>
<maml:para>Select this option if you want all network packets that match the tunnel rule to go through the tunnel even when they are protected by another connection security rule.</maml:para>
</maml:introduction></maml:section>

</maml:sections>
</maml:section><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Connection Security Rule Wizard</maml:linkText><maml:uri href="mshelp://windows/?id=2318ec3c-e196-4a43-9d79-70ca7c52194a"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Dialog Boxes</maml:title><maml:introduction>
<maml:para>This section describes the user interface options on the Windows Firewall with Advanced Security dialog boxes. Instructions for locating the dialog box are included in each topic.</maml:para>
<maml:list class="unordered">
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Dialog Box: Add or Edit Integrity Algorithms</maml:linkText><maml:uri href="mshelp://windows/?id=226a35ae-cf87-4bd3-b4be-fab77930e6da"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Dialog Box: Add or Edit Integrity and Encryption Algorithms</maml:linkText><maml:uri href="mshelp://windows/?id=b31c589e-5b17-42df-b7ad-041084dd2074"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Dialog Box: Add or Edit IP Addresses</maml:linkText><maml:uri href="mshelp://windows/?id=06cbaf77-aa9d-4dec-b056-3dcd2616e4fa"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Dialog Box: Add Security Method</maml:linkText><maml:uri href="mshelp://windows/?id=d42aa5c6-4859-4f78-b001-dc067151521b"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Dialog Box: Customize Advanced Authentication Methods</maml:linkText><maml:uri href="mshelp://windows/?id=f19cbe6e-7235-4613-90d0-6f7a3e8a6093"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Dialog Box: Customize Advanced Key Exchange Settings</maml:linkText><maml:uri href="mshelp://windows/?id=aaad90b0-4f52-46ca-9636-e05175e4aa78"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Dialog Box: Customize Allow If Secure Settings</maml:linkText><maml:uri href="mshelp://windows/?id=1a81d9c6-f39f-4835-a00b-11d994247ca9"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Dialog Box: Customize Data Protection Settings</maml:linkText><maml:uri href="mshelp://windows/?id=f4d3d872-6514-49fd-b8ed-1d725f74f0c1"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Dialog Box: Customize ICMP Settings</maml:linkText><maml:uri href="mshelp://windows/?id=8a0b490a-db5e-420f-8990-d0e30a17bc1a"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Dialog Box: Customize Interface Types</maml:linkText><maml:uri href="mshelp://windows/?id=5918d117-66c3-4f58-8680-a5a822c40dc7"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Dialog Box: Customize IPsec Settings</maml:linkText><maml:uri href="mshelp://windows/?id=66011489-1eee-4986-9373-565e557db23b"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Dialog Box: Customize IPsec Tunnel Authorization</maml:linkText><maml:uri href="mshelp://windows/?id=f637c2d4-a8aa-4e7a-b437-86b8e3accc7f"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Dialog Box: Customize IPsec Tunneling Settings</maml:linkText><maml:uri href="mshelp://windows/?id=cd103e5b-9da9-438d-a9b8-ed96384a17f2"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Dialog Box: Customize Logging Settings for a Firewall Profile</maml:linkText><maml:uri href="mshelp://windows/?id=58a40682-63b1-493a-9d97-940532cbbcd8"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Dialog Box: Customize Protected Network Connections for a Firewall Profile</maml:linkText><maml:uri href="mshelp://windows/?id=a4c3ccd0-9ec1-4da5-982d-6e65877b5db3"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Dialog Box: Customize Service Settings</maml:linkText><maml:uri href="mshelp://windows/?id=7e24b5a1-742d-4247-b86d-db9e097dee4e"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Dialog Box: Customize Settings for a Firewall Profile</maml:linkText><maml:uri href="mshelp://windows/?id=55215ddc-b9aa-4bac-9ec2-d5da5cb3932c"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Dialog Box: Add or Edit First Authentication Method</maml:linkText><maml:uri href="mshelp://windows/?id=f9172bb1-6c9e-4e09-a1cb-6e6912459aee"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Dialog Box: Add or Edit Second Authentication Method</maml:linkText><maml:uri href="mshelp://windows/?id=dd07bae3-3af0-469b-adc8-84f78f4169e8"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Dialog Box: Customize Service Settings</maml:title><maml:introduction>
<maml:para>Use these options to configure the way in which Windows Firewall with Advanced Security responds to connection requests from or to services.</maml:para>

<maml:procedure><maml:title>To get to this dialog box</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>When creating a firewall rule by using the New Firewall Rule wizard, follow these steps. </maml:para></maml:section></maml:sections><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>On the <maml:ui>Rule Type</maml:ui> page, click <maml:ui>Custom</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>On the <maml:ui>Program</maml:ui> page, next to <maml:ui>Services</maml:ui>, click <maml:ui>Customize</maml:ui>.</maml:para></maml:section></maml:sections></maml:step></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>When modifying an existing firewall rule, on the <maml:ui>Programs and Services</maml:ui> tab, click <maml:ui>Customize</maml:ui>.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>

<maml:alertSet class="note"><maml:title>Notes </maml:title><maml:alert>You can specify both a program and a service in the same firewall rule. Both conditions must be met for the rule to apply to the requested connection. </maml:alert><maml:alert>When you select the <maml:ui>Apply to services only</maml:ui> option, any service running as the LocalSystem or NetworkService account has appropriate access. When you select an option where you specify one or more services, the security identifier (SID) for the specified service is given access.</maml:alert></maml:alertSet>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Apply to all programs and services</maml:title><maml:introduction>
<maml:para>Use this option to apply the rule to all processes within the program specified in the <maml:ui>Programs</maml:ui> entry.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Apply to services only</maml:title><maml:introduction>
<maml:para>Use this option to apply the rule only to services, not to other processes.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Apply to this service</maml:title><maml:introduction>
<maml:para>From the list, select the service to which you want the rule to be applied.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Apply to service with this service short name</maml:title><maml:introduction>
<maml:para>Specify the short name of the service to which you want the rule to be applied. You can specify any short name even if it is not in the list. Misspelled short names and short names that do not specify a service will be ignored. This option is useful when defining a rule for a Group Policy object (GPO) and the service referenced in the rule is not installed or running on the computer on which you are modifying the rule.</maml:para>
</maml:introduction></maml:section></maml:sections></maml:content><maml:relatedLinks type="seeAlso"><maml:title>See Also</maml:title><maml:navigationLink><maml:linkText>User Interface: Windows Firewall with Advanced Security</maml:linkText><maml:uri href="mshelp://windows/?id=c243c092-48c6-4073-9b19-b9c98c931582"></maml:uri></maml:navigationLink></maml:relatedLinks></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Connection Security Rule Wizard: Endpoints Page</maml:title><maml:introduction>
<maml:para>Use the settings on this wizard page to specify the computers that can participate in connections created by this connection security rule. The connection security rule applies to communications between any computer in <maml:ui>Endpoint 1</maml:ui> and any computer in <maml:ui>Endpoint 2</maml:ui>. If the local computer has an IP address that is included in one of the endpoint definitions, then it can send and receive network packets through this connection to computers that are listed in the other endpoint. An endpoint can be a single computer or a group of computers, defined by an IP address, an IP subnet address, an IP address range, or a predefined set of computers identified by role: default gateway, WINS servers, DHCP servers, DNS servers, or local subnet. The local subnet is the collection of all computers available to this computer, except for any public IP addresses (interfaces). This includes both local area network (LAN) and wireless addresses.</maml:para>
<maml:procedure><maml:title>To get to this wizard page</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, right-click <maml:ui>Connection Security Rules</maml:ui>, and then click <maml:ui>New Rule</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>On the <maml:ui>Rule Type</maml:ui> page, select either <maml:ui>Server-to-server</maml:ui> or <maml:ui>Custom</maml:ui>, and then click <maml:ui>Next</maml:ui>.</maml:para></maml:section></maml:sections></maml:step></maml:procedure></maml:introduction><maml:content><maml:sections><maml:section><maml:title>Which computers are in Endpoint 1?</maml:title><maml:introduction>
<maml:para>Use this section to define the computers that are part of Endpoint 1 and can use this rule to communicate with the computers that are part of Endpoint 2.</maml:para></maml:introduction>
<maml:sections>
<maml:section><maml:title>Any IP address</maml:title><maml:introduction>
<maml:para>Select this option to specify that Endpoint 1 consists of any computer that needs to communicate with a computer in Endpoint 2. Any network traffic to or from a computer in Endpoint 2 matches this rule and is subject to its authentication requirements.</maml:para>
</maml:introduction></maml:section>
<maml:section><maml:title>These IP addresses</maml:title><maml:introduction>
<maml:para>Select this option to specify the IP addresses of the computers that make up Endpoint 1. Click <maml:ui>Add</maml:ui> or <maml:ui>Edit</maml:ui> to display the <maml:ui>IP Addresses</maml:ui> dialog box to create or modify your entries.</maml:para>
</maml:introduction></maml:section>
</maml:sections>
</maml:section><maml:section><maml:title>Customize the interface types to which this rule applies</maml:title><maml:introduction>
<maml:para>Click <maml:ui>Customize</maml:ui> to display the <maml:ui>Customize Interface Types</maml:ui> dialog box to select the network adapter types to which this rule applies. The default is to apply this rule to all network adapters of any type.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Which computers are in Endpoint 2?</maml:title><maml:introduction>
<maml:para>Use this section to define the computers that are part of Endpoint 2 and can use this rule to communicate with the computers that are part of Endpoint 1.</maml:para></maml:introduction>
<maml:sections>
<maml:section><maml:title>Any IP address</maml:title><maml:introduction>
<maml:para>Select this option to specify that Endpoint 2 consists of any computer that needs to communicate with a computer in Endpoint 1. Any network traffic to or from a computer in Endpoint 1 matches this rule and is subject to its authentication requirements.</maml:para>
</maml:introduction></maml:section>

<maml:section><maml:title>These IP addresses</maml:title><maml:introduction>
<maml:para>Select this option to specify the IP addresses of the computers that make up Endpoint 2. Click <maml:ui>Add</maml:ui> or <maml:ui>Edit</maml:ui> to display the <maml:ui>IP Addresses</maml:ui> dialog box to create or modify your entries.</maml:para>
</maml:introduction></maml:section>

</maml:sections>
</maml:section><maml:section><maml:title>How to change these settings</maml:title><maml:introduction>
<maml:para>After you create the connection security rule, you can change these settings in the <maml:ui>Connection Security Rule Properties</maml:ui> dialog box. This dialog box opens when you double-click a rule in <maml:ui>Connection Security Rules</maml:ui>. To change the computers that are in Endpoint 1 or Endpoint 2, click the <maml:ui>Computers</maml:ui> tab. To change the interface types to which this rule applies, click the <maml:ui>Advanced</maml:ui> tab, and then under <maml:ui>Interface types</maml:ui>, click <maml:ui>Customize</maml:ui>.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Connection Security Rule Wizard</maml:linkText><maml:uri href="mshelp://windows/?id=2318ec3c-e196-4a43-9d79-70ca7c52194a"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual>GIF89ap,H$   $$$(((0$0<48<<@@<<<@0@PD@@@HDa0UHHHHP8La LHLUY(P00$U8UyPPPe,U480Yem0]4]@D0ai8a8a<aDP4eaaa@ePi@iDi8muHmUaHq yYq@uPq }qqqPuUuaq,]}Y}L]}P]}4e™q@i<e…Y m]qL(muʕy0ui4}ʕ}΁@}ya΅ҕq杝Lҡ}ڍҍq֙Y֕}aҕa殮}֝څmڡڕ找}ޥޙޮ⾾ƶΥ	H*\ȰÇ#J8$ċ3jȱǏ CIɇ\ɲ˗0cʜIScʚ8sɳϟ(UJѣHLʴӧP.\*իX
<^K,B"
X@"Dl֬ݻxr}`mZ
eQ`-,P!
$lm˘3ۗ`</-lj>=#"BZ?>f,Wȓ8Zlȍ=6
zqÌ} w3esٟOZ%2x.nܞ=axY%o|e]~Vh?	`{4Cu
 !_6Xhcf
Ŏ=tg0ׄ1J{Yq+ZbXˎHިcؗh#	j%
4\3gZwm&[jvrgRn`jn@K.qeDDH62)*Pb
,ꪬA<xY:ꭸT/z4ưo̱"[k;Q
]
~CHjB?M6f.5Z38)$^Ъ	f/,<AbTb`$s5а)w |.dC/8AC*Cl8猰FAt@TIz*c3P<1&Lj!ЄGkhvIX4Q<d3Qw޷\3N?xA@OL_cdw=4!ژw+@c1mQK6cF(2/%v"~Gz;ٟI?VfcfgD<;T5P<46
dD\16<桧l,s#{b-q^u%kÇ=EU>&HAÝ|V[Z&()hGA8"Q!HÂT2A%U@<*1e,PQpFˆPe<
 9"h!`B`E`ALco
uXazpIo;r[SP8<C(`Z" 00G<@]2`Aɨ7P1(iIϼ%N1y47liIjpq\Elpcyb׭lY+,,)"6`SLI΅@X84Gh8v',q#l&r!'a	>
y7CQ#e@%2ovgh+&
.8p	TҢzDGt'C4	I.Q24$6:ꁏbD
Q\;(T 	[>fB`%ǯ
}D%`!r(|j2@nkLܕh2WJ	`Gk/pPkMlDH x 
wl'o
"(]_CH*8CBB HAުvm'QzTqas	͘vsNSs!ZwPfqq+ַpFpbN"x 
f|[HXQf1bhXWہ'x!/vPw'>@_1d$p$A#@@`XAL4y
)dqɕ>ؑ'qP|`DeEe4j9@-8<y;rk;`
z3С@B#{@l#[ԣj4
D`!	B@p"梦z胢A .b?zTP5}=`;-1=ܸ F
E-iqm;mH4Kҍ^TBQVHHO:o#[&Gz+t1Q
kljccdP!hWt8^F&#y4|PQDV-<uЗMya\S U8T]8	V
8!zvnT
֨Cf:9OZ+D_	%<#qiF?\&p0cp8ĭ1
0 0
uΠ{Ȏ	C Xg̎@S"g0T&#)$2bUW%hf<C
G76*|W.=;{ت7YA"RГ5`wKgWȆ_
xNN$toa;wwh;
}nw}C	ClFnw
Pӣ}n1>3q%B?
6nr?/ RO?>E}
w	tA
0琁ܗFp
74@taw;#-4"ZD6 Q B,"yxBwXBPHҦ|UWX(M)r-r]
p
P	JbG<@EQdB{}H1{'$(%z$!1Rx^@
V ($p
9	`tZ	6
N lX
πh`X
ysJR%#T$" )boxHHшcw wYuix`Ns
@-HxJSkA'6ozrBK'J$ H(8|ׁidwjwU
1
p7aR*3N	
!zg"j} HlŔO	94`r8x+A
#ȍU,A'MCvy'z|`nN`P
uݖ8	DlgIp7RYyyIC@IZt7zi 	Zp1drrt

OI944
X'K[+f``.0P
1pFֈetNvp2uCIiY{ 
cgw
@4w`	8
5wҠPpkPIːlPl;qNsA9QRОу=ǹnhHP09w
S;
2Ψ(dPPpH<ڤ!j_>g&&1<%)q T`1tjvXŖf+cBp
U
z@z7DX$ b1H$;$-^Wl&vw䙫4zYlZn1dXXiڬJ
LJ hB,A Z_uH1h 2ݠʰ
[Y*0d3tA@8TnU>1qsAhdOXxʱGh`YeLNv(utٲ
Uw
pu4;ƬzQv{U
(1&+
=!칙:2'ҭ`%	"wfIb(NUlKP.۰rLWV	ж:{l[
mưQp؛pҽrpn }pVú ` Xo!d!C! +;dx}[_fҀC{y*wP`0F`geo	Iл*{
;Uj`aU
 0ctR..bP	0@LHLj+XunipP9›V/2|yn{9|
|s1}	<-!(I!
`vTUW|4%zEM91`pj!tn<[q;:1Q@PpVRPP3@0E%|O1ƫʺp,+0]qP@|
1 9=\И;ߐ*ʧ°(t0֌R";	Ma'
`|
N
KΫw,,#Vwl--ļA\41 D5ņ<;:Vdvyj(jLXzq:0<4mӧ¼C"\\Ao(}RFQ}S
U@ A??ٜٚٞVbM(*'9rm}!n6; aʰo.Y׶}P=(VBZ1N	m圫Xf=m,=Oڻs'
-PہpV$ٰc

pMp܊W-
u}YR

,SpI@]}M(*,.l10nGeuT<|
O(p
1
`MA
3
P\]wu

%qT
|Y`41nPv=C
!Y 
ōY&$
_F>gVLs;NE x
2.ۂ1Q5C`寷]D
]	ݤrpYx[ݳ3E	qD`#hw[^hOъqОmtҀP1ޘ0
ؐ
B
O`b^hliO#yAg@ǻ]ӱ}
7!#bD@1π
";?fcye.n.#h.,OZ&-t(3OS5Dv @+	Kod
w=@ROVި^~ҀynMcVA4GOs2t
|!0|0Jp
!pb51ďb0


+I]	n`;8,)ДTxYLQH$/40ԗOtJ)L9J7Lp6h٨B%MP(gS!"QCa

#ASI?T
Q=fÚUV[VXefmݾ
3`śW/O3X`§8<VTtH/[=\GuZSp4+^ʹ
1G4ݶP#HHByJQGc*D"fɑάh@</oW[!ް_ٿ_)₤Aod0{Êo(y8;,17i,2*,	dBW, 8`Xo%:vxCFKnKj%9i%t	}\IR =0j>3z˃%pgk3_v3<ƚ8G`Vy#zO!Q8`aXd4>LD$x@RSOa=_Uc&s;BB+9#(!	<(0TR/!Q0qͶE&cvԅ^el9e@yc2d=/QW4cQӇ5X)`U	'. 7xcH@c\s
Ι }%41SN>:'YzXZ|`	=d̰-ren9&oQ{ދ*GkN,w&Ѡ*q^u㜸/B80FnL~oT(S"C&_V"b9ZD	1!ZYAOcb<0qoo+֓,	wCNɣ/1dǟ瞰E{p|?*qFoؓH=	u~,91`+X〠qB؋nHwAHLB
}/<C2׸j`^࠽O*@BFJ`Hy4@(	aVy%ċpg_D7г}/cg+ɡ8H&RqhT苧qc(VH^,
$s	P匚,!* J
(C
IG%@%R h1?!.B< .	7^iE$3E
09J&C,6	}@=}.Y%x<Ëhz@#	.Cz3ח`h
Q!=V8
Jr qeDM2vx'䉟`#'38v<I@Wtn`48[.Mڜ%{(bQӨnLPK٩	j`zN&`Ӂ@H1ԡWū&ZAyjT7Ut^&KJH E)t0!P+N@o#H
5TiմBh	u`4N`}DX\3EzܐX[:*hr%!ֈFv*epztc@]Ctfׇֻ,
&YTi[vc䭣a<ȫq8$PD>lTUF]6nIӌSvL`آw21zo]$Cio
4y hiy(?P@1~$x\[8AVD`]jbx)vį	Ї(6/Aܫ8+pB"X]2k
(!<h"`0|>F,ʯ
l)]`+ߡ6(LH_dь{YE\g]1D@Є&@R	2}(ɣ9,Uҙ9d9^,,+^uvuSy)[/@d;pcb6c{َ|=d؎"㈱@V8?mI8>-*qЕL I"l,ޖw

Y{Af(4 qF*u@8ۈ+LQj_DuA6y1e<F., \Pۻ7Ϩ4OPY]ȍjͽpYKF%0,Ibz-H!TXɏyK)dh41TTCAljwwK-50[0'M߁f )$CqQ<%OAv`=6_IKl(AWhPP+^>ꃾ(@>ML
MPbQ1X1
M髾۳
H4`4^8y:lB@r˫L3=Mcii8^~ᓎЀ>2C@4ۜK2#H[;~iAA=f<9,n02A`i%dT*Q,>{c	C3TCC8]D{C9#F[B<DyKEM;Nkyk28gЅ{3V|zg?o@E,^3d;$5E0/`ȓ0=Cdd>JqFJSɭ1ıP\8BH0`}{#!>
Gf1@a+HPC1`C\E^}4a$btLԖ塺SHDHi	g:RBP28M}p7hIb@12'(]kyT2,>a<34d	kC5EH% {L<cn$DCȬHJY	Ȱ`D 7Ӳ#(S8B@wpK`I!	_9x:s@@8C
k@
l.ęSP`	b!M4Hx0i'HqkM@522(0K(	ͶTj؅x$o@N!&%H{o8"!~0TD	ʦY80	49VOPk,pr8@5*U$
-Y*>X@zq I0/JQE` V:(1G˼J\;.(
Hv8uԩWڅ`'Ж
#lp8XAS(>ͨ?@T!=TЈ5!o:'҄)M0ȠY&:H*GAqPU+kH,2[S\|FbUB5T/H
P|%uPQpUֈҸDmslPUs3B$U[
\z{҆
V1{8VA2JЂ`a>#yK&XAfPzEP`Y ]5,CV@wxĀڼ]xX4X2H04}+2좁ru(ӎEVeZz-͓T@lUٰ[Ж|;JKj()`5[PF!xKݚqXSZ=U{zp\̈́ՙ\Sm~{ɩդ2Xe*a⩄5{xnP\z@A
õ݆3A(e4>
U2!Y/
%[Ēy{1`ЌWu9
_H0r%
UĕdP_yc_ߍ(21|c/j[۴9 ]We[u5*	֊|ݒ &|^.DžPp}S\	CQA\zjqQDbhЃw'c)^M,bbUav(aDIM	{-
iu@)O 
yh&Z\rc0iYx{U)EFN,dIDh|hBIDK	&P[wX+ PXX@(0p8g@;ne
 i0;~b;bmf]PIHbDhOرhKpVیV&XȅzEXL>J{No{	Vcg;b~@#PxhbCB6,˃wnr
]/~hɾY}CX
ڀRN \P@yRXy+Pn_V8ke*~y/5]'>akPbbnޮ8%Y`vhOpͰy(Ե|8~#&
x?\.	Aych/l8y&	&~ׂ{@S8S/~lURȌT0Ŋ}=l̸jiI"t^M<{H90Zk0uO(^&yXn^]x?Yr>xd冏>
/w~<ޣ@d sx(lmSigʄ͖N8o<Jxv"yAui]nx`+*
>pjX s{Vx}h"|J n8z$X)ɣb^ό6j	Di檶`TB2pq8>X>`7(
$3PUv{Ȇk1]wlLW3	s t@ i2@M~GH_=˜]|[i|XPN
Touȅ>x\y؀ pXoHr)_{(
{!"`afl(Rh sVmoh~dЛKnΕmmu%˄;{w{`qNg~@k#1u."E>+xp=h~iم{\Cy>I9rHCzt wz7/?4V;Uٔ/$k'|g6Xȏ7X`֗8
TƊups0l@c{
ʕ
qЅHvb+vȟɧX8g6)I8@?zGs&g „
2l!Ĉ'Rh"ƃm8%!2F^dϟ9hPjԮk+2a<d3(jP#$$ʉUr:GbbXk,ܸrҭ4ͅMʱcFԪU;jhcؕ;N'Sl2xfLD3^=ZwRy,-=$HS3[|uMT/덫n=/",Vm2Ǔ/
Kwx>l?b/5?
8 eUV^`mPDACEEJ/t3p@!pŵؒs_6olߩ)#\$xY
V}؎QJ9%x7m!`D	pÈ%8}bҒ$})1x
"%ب<:cT\QAI$Y:*])?tefB4b
DE
;XB(pȝ%=zmy]9D-D}n:eA.C
frЭp4+mJ2wF!:%1Um jl!JUO7@UR'p#<	1<BQ
.\QQI o4m&7祼l:3l7=66PbTJ#$)H'=1wpYRP}VpP+@?P[kڵy3Ҿg[~yfco:'tv
-bwV'(S{[߱x8A8c&8$H:m~<i~|}pX,QQQꇺ
M?>>tR5u`B6/djZD7S|n;LZ2/FX3
rԠ:w@Q JYQGn?{!@̱(DOtq{Sh>ei-	V1Ndbu@N;
"^/TFpP0|
r#JFAWc$""AC0t0z:}p4<ȣ''Da6) "/'78I8B%(MtE7P%D2RL<
U&H(+I U0"#,ky\bV$N<E&xBt3Te6
o֌36PwH
3J$t,f!@0)ӞӌD 
i(ЕZɠsAiP\C9ntQ"tFV~b3!dB?ҩjL=TAt9Xьr8BbtO:z5I_HjOpp	c#URobՕTP{h<:D9—=+Z:.TQOo"4@*^S!\2C4ċ$?HTO%d#+ġ>U$8y	CDEH(h$tVDp
 @+PD2$PdFHt]~
)CF^n7/ed 1u3\GP6@2YBf<,`:]z3`w1	-	vT+^H !`ŒEWl82
=,à]è
(e&20D|PBUf`@Y={BSgQ8A8@-nA=$2\ΣYvr(b%@ANYx@~#^9fS!rh)FR^t@EcK#A0#i.@8p5CDdRoԠ=<jx5+5r(Q$-pdC820ZVkm{ Fr-^83_|6?\s(&*aML㕑2h!6C
j
,'vyDrQjOːxA~bTSC(g ,o8oO]2)=wG.;eAp' o6w-671ecV~;=C/zy(hNI=\{ƃ}se?{b?Sn?
9 G~w|1>췯Uj@a b8K

<}
B @' ͅ< yE
@
E
DӭB: 48 9 B@K_h@K\M/tH8 jEH8 _"x,@P`F@
!@
hF@<&j\(>
*xC%Tr^H@9\ߣ!B_N`n)D"N&j`\8܂:^B#R4.R?|8,൸Kb'v)+Ο(2#+bN+nYA2@/#AB}8%X '@<ր!!<@=6c+b+bcS|7H+x}9>$E`1y8 M2¢J^#@^czf\B3.V@$N^09~<Z)h%!(A3:aQ"PbT.BTPv~8$Z]%(5`$(ӡB3`5^"<H<:<\N%ɡ3"^>傂T!`b<8VB&h#eZ`bfyhZ^hǩfeB&y &<TB.&p7#:XP\̂5$ffpN'
M(@(9i&*8c4"ug}xބ	T>pw*)CsV]'z'!Lz(g|wr?BeBсc',u
{BCr-@7(2'D(N:BOd67\C-\b yOHg($h(ց28XJt'"4d82AfAB&OҀB0\8dC6.x^C6x<C0@Qƒj)7@(hT
C0
V5>Z쀗D)^z<½*(XXj.$t*!iuЀk*$2BJEA,';<maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Connection Security Rule Wizard: Tunnel Endpoints Page - Custom Configuration</maml:title><maml:introduction>
<maml:para>Use this wizard page to configure the endpoint options for an IPsec tunnel rule. </maml:para>
<maml:para>If you select <maml:ui>Custom configuration</maml:ui> on the <maml:ui>Tunnel Type</maml:ui> page, you can configure all of the details of the tunnel on the <maml:ui>Tunnel Endpoints</maml:ui> page. </maml:para>
<maml:para>The following diagram shows the components that you can configure by using this wizard page.</maml:para>

<maml:para><maml:embedObject><maml:objectUri href="mshelp://windows/?id=64ce07a8-52a2-4d69-a392-2cae596fef27" mimeType="image/gif"><maml:summary></maml:summary></maml:objectUri></maml:embedObject></maml:para>

<maml:procedure><maml:title>To get to this wizard page</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, right-click <maml:ui>Connection Security Rules</maml:ui>, and then click <maml:ui>New Rule</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>On the <maml:ui>Rule Type</maml:ui> page, select <maml:ui>Tunnel</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In <maml:ui>Steps</maml:ui>, click <maml:ui>Tunnel Type</maml:ui>, and then select <maml:ui>Custom configuration</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Click <maml:ui>Next</maml:ui> until you reach the <maml:ui>Tunnel Endpoints</maml:ui> page.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Which computers are in Endpoint 1?</maml:title><maml:introduction>
<maml:para>Endpoint 1 is the collection of computers at the local end of the tunnel that must be able to send data to and receive data from the computers that are part of Endpoint 2. Click <maml:ui>Add</maml:ui> to add an individual IP address, an IP subnet address, an IP address range, or a predefined set of computers by using the <maml:ui>IP Address</maml:ui> dialog box. To change an entry in the list, select the item, and then click <maml:ui>Edit</maml:ui>. To remove an entry, select the item, and then click <maml:ui>Remove</maml:ui>.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>What is the local tunnel endpoint (closest to the computers in Endpoint 1)?</maml:title><maml:introduction>
<maml:para>The local tunnel endpoint is the gateway to which a computer in Endpoint 1 sends network packets that are addressed to a computer in Endpoint 2. The local tunnel endpoint accepts a network packet from a computer in Endpoint 1, and then encapsulates it in a new network packet that is addressed and routed to the remote tunnel endpoint. The remote tunnel endpoint extracts the encapsulated original packet, places it on the network connected to the computers in Endpoint 2, and then routes the packet to its final destination. </maml:para>
<maml:para>You can specify an Internet Protocol version 4 (IPv4) address, an Internet Protocol version 6 (IPv6) address, or both. To add an address, click <maml:ui>Edit</maml:ui>, and provide the information required in the <maml:ui>Customize IPsec Tunneling Settings</maml:ui> dialog box.</maml:para>
<maml:alertSet class="important"><maml:title>Important </maml:title><maml:para>If you specify <maml:ui>Any</maml:ui>, then the computer in Endpoint 1 is also the local tunnel endpoint for the connection. The Endpoint 1 computer encapsulates and routes its own network packets to the remote tunnel endpoint, which extracts and routes the data to the destination computer in Endpoint 2.</maml:para></maml:alertSet>
<maml:alertSet class="note"><maml:title>Note </maml:title><maml:para>The IP version of the address at each end of the tunnel must match. For example, if you specify an IPv4 address at one end, then the other end must also have an IPv4 address. You can specify both an IPv4 and an IPv6 address, but if you do so at one end, then you must also do so at the other end.</maml:para></maml:alertSet>
</maml:introduction>
<maml:sections>
<maml:section><maml:title>Apply IPsec tunnel authorization</maml:title><maml:introduction>
<maml:para>Select this option to specify that the computer or user in Endpoint 1 must authenticate with the local tunnel endpoint before any packets can be sent through the tunnel. To specify the computers or users that are authorized to send traffic through the tunnel, follow these steps:</maml:para>
<maml:para>Membership in the local <maml:phrase>Administrators</maml:phrase> group, or equivalent, is the minimum required to complete this procedure.</maml:para>
<maml:procedure><maml:title>To specify users and computers that are authorized or denied permission to send network traffic through the tunnel</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, in the navigation pane, select <maml:ui>Windows Firewall with Advanced Security</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In <maml:ui>Overview</maml:ui>, click <maml:ui>Windows Firewall Properties</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Select the <maml:ui>IPsec Settings</maml:ui> tab.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In <maml:ui>IPsec tunnel authorization</maml:ui>, click <maml:ui>Advanced</maml:ui>, and then click <maml:ui>Customize</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Add users and computers to the lists, as appropriate for your design. For more information, see <maml:navigationLink><maml:linkText>Dialog Box: Customize IPsec Tunnel Authorization</maml:linkText><maml:uri href="mshelp://windows/?id=f637c2d4-a8aa-4e7a-b437-86b8e3accc7f"></maml:uri></maml:navigationLink>.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction></maml:section>
</maml:sections>
</maml:section><maml:section><maml:title>What is the remote tunnel endpoint (closest to the computers in Endpoint 2)?</maml:title><maml:introduction>
<maml:para>The remote tunnel endpoint is the gateway to which the local tunnel endpoint sends network packets that are addressed to a computer in Endpoint 2. The remote tunnel endpoint receives a network packet from the local tunnel endpoint, extracts the encapsulated original packet, and then routes it to the destination computer in Endpoint 2.</maml:para>
<maml:para>You can specify an IPv4 address, an IPv6 address, or both. To add an address, click <maml:ui>Edit</maml:ui> and provide the information required in the <maml:ui>Customize IPsec Tunneling Settings</maml:ui> dialog box.</maml:para>
<maml:alertSet class="important"><maml:title>Important </maml:title><maml:para>If you specify <maml:ui>Any</maml:ui>, then the computer in Endpoint 2 that is receiving the data also serves as the remote tunnel endpoint. The Endpoint 2 computer then extracts and processes the original packet.</maml:para></maml:alertSet>
<maml:alertSet class="note"><maml:title>Note </maml:title><maml:para>The IP version of the address at each end of the tunnel must match. For example, if you specify an IPv4 address at one end, then the other end must also have an IPv4 address. You can specify both an IPv4 and an IPv6 address, but if you do so at one end, then you must also do so at the other end.</maml:para></maml:alertSet>
</maml:introduction>
</maml:section><maml:section><maml:title>Which computers are in Endpoint 2?</maml:title><maml:introduction>
<maml:para>Endpoint 2 is the collection of computers at the remote end of the tunnel that must be able to send data to and receive data from the computers that are part of Endpoint 1. Click <maml:ui>Add</maml:ui> to add an individual IP address, an IP subnet address, an IP address range, or a predefined set of computers by using the <maml:ui>IP Address</maml:ui> dialog box. To change an entry in the list, select the item, and then click <maml:ui>Edit</maml:ui>. To remove an entry, select the item, and then click <maml:ui>Remove</maml:ui>.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>How to change these settings</maml:title><maml:introduction>
<maml:para>After you create the connection security rule, you can change these settings in the <maml:ui>Connection Security Rule Properties</maml:ui> dialog box. This dialog box opens when you double-click a rule in <maml:ui>Connection Security Rules</maml:ui>. To change the computers that are in Endpoint 1 and Endpoint 2, select the <maml:ui>Computers</maml:ui> tab. To change the authorization setting or the computers that serve as tunnel endpoints, select the <maml:ui>Advanced</maml:ui> tab, and then under <maml:ui>IPsec tunneling</maml:ui>, click <maml:ui>Customize</maml:ui>.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Connection Security Rule Wizard</maml:linkText><maml:uri href="mshelp://windows/?id=2318ec3c-e196-4a43-9d79-70ca7c52194a"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Dialog Box: Customize ICMP Settings</maml:title><maml:introduction>
<maml:para>Use this dialog box when creating or modifying a firewall rule to configure criteria based on Internet Control Message Protocol (ICMP).</maml:para>

<maml:procedure><maml:title>How to get to this dialog box</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>When creating a new firewall rule using the wizard, follow these steps:</maml:para></maml:section></maml:sections><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>On the <maml:ui>Rule Type</maml:ui> page, select <maml:ui>Custom</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>On the <maml:ui>Protocol and Ports</maml:ui> page, in <maml:ui>Protocol type</maml:ui>, select either <maml:ui>ICMPv4</maml:ui> or <maml:ui>ICMPv6</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Click <maml:ui>Customize</maml:ui>.</maml:para></maml:section></maml:sections></maml:step></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>When modifying an existing firewall rule using the <maml:ui>Firewall Rule Properties</maml:ui> dialog box, follow these steps:</maml:para></maml:section></maml:sections><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Click the <maml:ui>Protocols and Ports</maml:ui> tab.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In <maml:ui>Protocol type</maml:ui>, select either <maml:ui>ICMPv4</maml:ui> or <maml:ui>ICMPv6</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Click <maml:ui>Customize</maml:ui>.</maml:para></maml:section></maml:sections></maml:step></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>All ICMP types</maml:title><maml:introduction>
<maml:para>Select this option to specify that any message using ICMP matches the rule.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Specific ICMP types</maml:title><maml:introduction>
<maml:para>Select this option to select one or more ICMP message types. Select the message types to which you want to apply the rule.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>This ICMP type</maml:title><maml:introduction>
<maml:para>Use this option to specify an ICMP message type that is not provided in <maml:ui>Specific ICMP types</maml:ui>. This option is enabled only if you select <maml:ui>Specific ICMP types</maml:ui>. Click <maml:ui>Add</maml:ui> to add the type to the list. </maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title>Type</maml:title><maml:introduction>
<maml:para>This is a number that correlates to an ICMP message type. For example, 3 is the number for the "Destination Unreachable" message. The message type is an integer from 0 to 255.</maml:para>
</maml:introduction></maml:section>

<maml:section><maml:title>Code</maml:title><maml:introduction>
<maml:para>This is a number that correlates to a code for an ICMP message type. These codes are details that are useful for troubleshooting and understanding the circumstances that prompted the sending of the message. The same code number can mean different things for different message types. For example, 3 is the code for "Port Unreachable" for the "Destination Unreachable" message, but it is also the code for "Redirect Datagram for the Type of Service and Host" for the "Redirect" message type.</maml:para>
<maml:para>The code can be an integer from 0 to 255, or the value <maml:ui>Any</maml:ui>.</maml:para>
<maml:para>By combining the message type and code, you can specify very detailed criteria for the exception. This can be useful when you need to make sure specified ICMP messages pass through Windows Firewall with Advanced Security for remote troubleshooting, while other ICMP messages are blocked.</maml:para>
</maml:introduction></maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content><maml:relatedLinks type="seeAlso"><maml:title>See Also</maml:title><maml:navigationLink><maml:linkText>User Interface: Windows Firewall with Advanced Security</maml:linkText><maml:uri href="mshelp://windows/?id=c243c092-48c6-4073-9b19-b9c98c931582"></maml:uri></maml:navigationLink></maml:relatedLinks></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Firewall Rule Wizard: Predefined Rules Page</maml:title><maml:introduction>
<maml:para>Use this wizard page to enable or disable rules that are part of a predefined rule group. Predefined rules provide network connectivity for Microsoft Windows programs and services. The rules displayed on this page are determined by the group you select in the list on the <maml:ui>Rule Type</maml:ui> page.</maml:para>

<maml:procedure><maml:title>To get to this wizard page</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, right-click either <maml:ui>Inbound Rules</maml:ui> or <maml:ui>Outbound Rules</maml:ui>, and then click <maml:ui>New Rule</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>On the <maml:ui>Rule Type</maml:ui> page, select <maml:ui>Predefined</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>From the list, select the group that contains the predefined rules that you want to manage, and then click <maml:ui>Next</maml:ui>.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Which rules would you like to create?</maml:title><maml:introduction>
<maml:para>Select each rule that you want to create or, if the rule already exists, enable.</maml:para>
<maml:para>The list on the <maml:ui>Predefined Rules</maml:ui> wizard page shows the rules in the selected group and the properties of each of the rules. Most of the well-known Windows services and programs available on computers running this version of Windows appear in this list.</maml:para>
<maml:para>By default, when you use this page to configure a Group Policy object (GPO), all of the check boxes for rules in a group are selected. By default, when you use this page to edit the local computer’s active configuration, all of the check boxes for rules in a group are cleared.</maml:para>
<maml:para>If you select a rule where <maml:ui>No</maml:ui> appears in the <maml:ui>Rule Exists</maml:ui> column, and then complete the steps in the wizard, the rule is created with the properties shown in the list, and enabled.</maml:para>
<maml:para>If you select a rule where <maml:ui>Already exists</maml:ui> appears in the <maml:ui>Rule Exists</maml:ui> column, and then complete the steps in the wizard, the new settings overwrite the existing settings, and the rule is enabled.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Firewall Rule Wizard</maml:linkText><maml:uri href="mshelp://windows/?id=5886c961-2f7a-46f9-928b-2b906f2c354a"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Monitored Quick Mode Security Associations</maml:title><maml:introduction>
<maml:para>A quick mode negotiation establishes a secure channel between two computers to protect user data exchanged between them. During quick mode negotiation, keying material is refreshed or, if necessary, new keys are generated. A protection suite that protects the IP data traffic is also selected. The exchange of information required to negotiate a quick mode SA is performed within the context of the main mode SA. After the quick mode SA is established, then the two computers can exchange network packets within the context of the quick mode SA. There is only one main mode SA between a pair of computers, but there can be many quick mode SAs. Monitoring quick mode SAs can provide information about which peers are currently connected to this computer, and which protection suite is protecting the data exchanged between them. Separate SAs are created for Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6) connections.</maml:para>
<maml:procedure><maml:title>To get to this view</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, expand <maml:ui>Monitoring</maml:ui>, expand <maml:ui>Security Associations</maml:ui>, and then click <maml:ui>Quick Mode</maml:ui>. </maml:para></maml:section></maml:sections></maml:step></maml:procedure>
<maml:para>The following information is available in the table view of all quick mode SAs. To see the information for a single quick mode SA, double-click the item in the list. </maml:para>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Quick mode SA information</maml:title><maml:introduction>
<maml:para>You can add, remove, reorder, and sort by these columns in the Results pane:</maml:para>
<maml:list class="unordered">
<maml:listItem><maml:para><maml:ui>Local IP address</maml:ui>: The local IP address.</maml:para></maml:listItem>
<maml:listItem><maml:para><maml:ui>Local port</maml:ui>: The TCP or UDP port of the local computer used in the filter.</maml:para></maml:listItem>
<maml:listItem><maml:para><maml:ui>Remote IP address</maml:ui>: The IP address of the remote computer or peer.</maml:para></maml:listItem>
<maml:listItem><maml:para><maml:ui>Remote port</maml:ui>: The TCP or UDP port of the remote computer used in the filter.</maml:para></maml:listItem>
<maml:listItem><maml:para><maml:ui>Protocol</maml:ui>: The protocol specified in the filter.</maml:para></maml:listItem>
<maml:listItem><maml:para><maml:ui>AH integrity</maml:ui>: The AH protocol-specific data integrity method used for peer communications.</maml:para></maml:listItem>
<maml:listItem><maml:para><maml:ui>ESP integrity</maml:ui>: The ESP protocol-specific data integrity method used for peer communications.</maml:para></maml:listItem>
<maml:listItem><maml:para><maml:ui>ESP confidentiality</maml:ui>: The ESP protocol-specific encryption method used for peer communications.</maml:para></maml:listItem>
</maml:list>

<maml:para>Any user account can be used to complete this procedure.</maml:para>
<maml:procedure><maml:title>To add, remove, or reorder a column</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Right-click in a blank area in the Results pane for the Quick Mode folder, select <maml:ui>View</maml:ui>, and then click <maml:ui>Add/Remove Columns</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the <maml:ui>Add/Remove Columns</maml:ui> dialog box, from the <maml:ui>Available columns</maml:ui> list, select the column you want to view, and then click <maml:ui>Add</maml:ui>. You can select only one column name at a time.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>You can also select columns that you do not want to view. From the <maml:ui>Displayed columns</maml:ui> list, click <maml:ui>Remove</maml:ui>. You can select only one column name at a time.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>To reorder the columns, from left to right, select a column in the <maml:ui>Displayed columns</maml:ui> list, and then click <maml:ui>Move Up</maml:ui> or <maml:ui>Move Down</maml:ui>. You can select only one column name at a time.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>When you are finished, click <maml:ui>OK</maml:ui>. The view will change to reflect your preferences.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction></maml:section><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Monitored Main Mode Security Associations</maml:linkText><maml:uri href="mshelp://windows/?id=39e393da-18a6-4a1d-85d1-d9dcb46e3b93"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Firewall Rule Properties Page: Scope Tab</maml:title><maml:introduction>
<maml:para>Use this tab to specify the local and remote IP addresses whose network traffic matches this rule. If the local computer is listed in the local IP addresses, then all network traffic going to or from any of the remote IP addresses matches this rule.</maml:para>
<maml:procedure><maml:title>To get to this tab</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, in either <maml:ui>Inbound Rules</maml:ui> or <maml:ui>Outbound Rules</maml:ui>, double-click the firewall rule you want to modify, and then click the <maml:ui>Scope</maml:ui> tab.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Local IP address</maml:title><maml:introduction>
<maml:para>The local IP address is used by the local computer to determine if the rule applies. The rule applies only to network traffic that goes through a network adapter that is configured to use one of the specified local IP addresses.</maml:para>
</maml:introduction>
<maml:sections>

<maml:section><maml:title>Any IP address</maml:title><maml:introduction>
<maml:para>Select this option to specify that the rule matches a network packet with any address specified as the local IP address. The local computer always matches the rule when this option is selected.</maml:para>
</maml:introduction></maml:section>

<maml:section><maml:title>These IP addresses</maml:title><maml:introduction>
<maml:para>Select this option to specify that the rule matches network traffic that has one of the addresses specified in <maml:ui>Local IP address</maml:ui>. If the local computer does not have a network adapter configured with one of the specified IP addresses, then the rule does not apply. On the <maml:ui>IP Address</maml:ui> dialog box, click <maml:ui>Add</maml:ui> to create a new entry in the list or <maml:ui>Edit</maml:ui> to change an existing entry in the list. You can also delete an entry from the list by selecting the item and then clicking <maml:ui>Remove</maml:ui>.</maml:para>
</maml:introduction></maml:section>
</maml:sections>
</maml:section><maml:section><maml:title>Remote IP address</maml:title><maml:introduction>
<maml:para>Specify the remote IP addresses to which the rule applies. Network traffic matches the rule if the remote IP address (the source address for inbound rules, the destination address for outbound rules) is one of the addresses in the list.</maml:para>
</maml:introduction>
<maml:sections>

<maml:section><maml:title>Any IP address</maml:title><maml:introduction>
<maml:para>Select this option to specify that the rule matches network packets that are addressed from (for inbound rules) or addressed to (for outbound rules) any IP address included in the list.</maml:para>
</maml:introduction></maml:section>

<maml:section><maml:title>These IP addresses</maml:title><maml:introduction>
<maml:para>Select this option to specify that the rule matches only network traffic that has one of the addresses specified in <maml:ui>Remote IP address</maml:ui>. On the <maml:ui>IP Address</maml:ui> dialog box, click <maml:ui>Add</maml:ui> to create a new entry in the list or <maml:ui>Edit</maml:ui> to change an existing entry in the list. You can also delete an entry from the list by selecting the item and then clicking <maml:ui>Remove</maml:ui>.</maml:para>
</maml:introduction></maml:section>

</maml:sections>
</maml:section><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Firewall Rule Properties Page</maml:linkText><maml:uri href="mshelp://windows/?id=142a13a0-f0c4-4122-95d9-ecfb6f6391c4"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Connection Security Rule Properties Page: Computers Tab</maml:title><maml:introduction>
<maml:para>Use the settings on this tab of the <maml:ui>Connection Security Rule Properties</maml:ui> dialog box to specify the computers that can participate in connections protected by this connection security rule. The connection security rule applies to communications between any computer in <maml:ui>Endpoint 1</maml:ui> and any computer in <maml:ui>Endpoint 2</maml:ui>. If the local computer has an IP address that is included in one of the endpoint definitions, then it can send and receive network packets through this connection to computers that are listed as part of the other endpoint. An endpoint can consist of a single computer or a group of computers, defined by an IP address, an IP subnet address, an IP address range, or a predefined set of computers identified by role: default gateway, WINS servers, DHCP servers, DNS servers, or local subnet. The local subnet is the collection of all computers available to this computer, except for any public IP addresses (interfaces). This includes both local area network (LAN) and wireless addresses.</maml:para>
<maml:para>The following figure shows the components that you can configure by using this tab.</maml:para>
<maml:para><maml:embedObject><maml:objectUri href="mshelp://windows/?id=64ce07a8-52a2-4d69-a392-2cae596fef27" mimeType="image/gif"><maml:summary></maml:summary></maml:objectUri></maml:embedObject></maml:para>

<maml:procedure><maml:title>To get to this tab</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, click <maml:ui>Connection Security Rules</maml:ui>. </maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Right-click the rule you want to modify, and then click <maml:ui>Properties</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Click the <maml:ui>Computers</maml:ui> tab.</maml:para></maml:section></maml:sections></maml:step></maml:procedure></maml:introduction><maml:content><maml:sections><maml:section><maml:title>Endpoint 1</maml:title><maml:introduction>
<maml:para>Endpoint 1 is the collection of computers at the local end of the tunnel that must be able to send data to and receive data from the computers that are part of Endpoint 2. Click <maml:ui>Add</maml:ui> to add an individual IP address, an IP subnet address, an IP address range, or a predefined set of computers by using the <maml:ui>IP Address</maml:ui> dialog box. To change an entry in the list, select the item, and then click <maml:ui>Edit</maml:ui>. To remove an entry, select the item, and then click <maml:ui>Remove</maml:ui>.</maml:para>
<maml:para>If you created this rule by using the Client-to-Gateway tunnel rule type, then Endpoint 1 is set to <maml:ui>Any IP address</maml:ui>. If you created this rule by using the Gateway-to-Client tunnel rule type, then Endpoint 1 consists of the IP addresses of the computers on the private network behind the local tunnel endpoint (the gateway).</maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title>Any IP address</maml:title><maml:introduction>
<maml:para>Select this option to specify that Endpoint 1 includes any computer that needs to communicate with a computer that is in Endpoint 2. Any network traffic to or from a computer in Endpoint 2 matches this rule and is subject to its authentication requirements.</maml:para>
</maml:introduction></maml:section>
<maml:section><maml:title>These IP addresses</maml:title><maml:introduction>
<maml:para>Select this option to specify the IP addresses of the computers that make up Endpoint 1. Click <maml:ui>Add</maml:ui> or <maml:ui>Edit</maml:ui> to display the <maml:ui>IP Address</maml:ui> dialog box where you can create or change your entries.</maml:para>
</maml:introduction></maml:section>
</maml:sections>
</maml:section><maml:section><maml:title>Endpoint 2</maml:title><maml:introduction>
<maml:para>Endpoint 2 is the collection of computers at the remote end of the tunnel that must be able to send data to and receive data from the computers that are part of Endpoint 1. Click <maml:ui>Add</maml:ui> to add an individual IP address, an IP subnet address, an IP address range, or a predefined set of computers by using the <maml:ui>IP Address</maml:ui> dialog box. To change an entry in the list, select the item, and then click <maml:ui>Edit</maml:ui>. To remove an entry, select the item, and then click <maml:ui>Remove</maml:ui>.</maml:para>
<maml:para>If you created this rule by using the Client-to-Gateway tunnel rule type, then Endpoint 2 consists of the IP addresses of the computers on the private network behind the remote tunnel endpoint (the gateway). If you created this rule by using the Gateway-to-Client tunnel rule type, then Endpoint 2 is set to <maml:ui>Any IP address</maml:ui>.</maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title>Any IP address</maml:title><maml:introduction>
<maml:para>Select this option to specify that Endpoint 2 includes any computer that needs to communicate with a computer in Endpoint 1. Any network traffic to or from a computer in Endpoint 1 matches this rule and is subject to its authentication requirements.</maml:para>
</maml:introduction></maml:section>

<maml:section><maml:title>These IP addresses</maml:title><maml:introduction>
<maml:para>Select this option to specify the IP addresses of the computers that make up Endpoint 2. Click <maml:ui>Add</maml:ui> or <maml:ui>Edit</maml:ui> to display the <maml:ui>IP Address</maml:ui> dialog box where you can create or change your entries.</maml:para>
</maml:introduction></maml:section>

</maml:sections>
</maml:section><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Connection Security Rule Properties Page</maml:linkText><maml:uri href="mshelp://windows/?id=101488a1-9f62-4797-9330-4937c888e371"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Understanding Firewall Rules</maml:title><maml:introduction>
<maml:para>You create firewall rules to allow this computer to send traffic to, or receive traffic from, programs, system services, computers, or users. Firewall rules can be created to take one of three actions for all connections that match the rule's criteria:</maml:para><maml:list class="unordered">
<maml:listItem><maml:para>Allow the connection.</maml:para></maml:listItem>
<maml:listItem><maml:para>Allow a connection only if it is secured through the use of Internet Protocol security (IPsec).</maml:para></maml:listItem>
<maml:listItem><maml:para>Block the connection.</maml:para></maml:listItem>
</maml:list>
<maml:para>Rules can be created for either inbound traffic or outbound traffic. The rule can be configured to specify the computers or users, program, service, or port and protocol. You can specify which type of network adapter the rule will be applied to: local area network (LAN), wireless, remote access, such as a virtual private network (VPN) connection, or all types. You can also configure the rule to be applied when any profile is being used or only when a specified profile is being used.</maml:para>
<maml:para>As your IT environment changes, you might have to change, create, disable, or delete rules.</maml:para>


</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Understanding Firewall Rules</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?linkid=137808"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?linkid=137808)</maml:para></maml:listItem><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Configuring Firewall Rules</maml:linkText><maml:uri href="mshelp://windows/?id=f87bdc33-14b4-4832-b190-377f16d7e671"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Firewall Rule Wizard: Profile Page</maml:title><maml:introduction>
<maml:para>Use this wizard page to specify the profiles to which this rule is applied. Select any combination of profiles that meet your security goals.</maml:para>
<maml:para>This version of Windows supports multiple simultaneously active profiles. Each network adapter card attached to a network is assigned one of the following profiles based on what is detected on the attached network. This means that different firewall and connection security rules can affect network traffic, depending on which network adapter receives the traffic.</maml:para>
<maml:procedure><maml:title>To get to this wizard page</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, right-click <maml:ui>Inbound Rules</maml:ui> or <maml:ui>Outbound Rules</maml:ui>, and then click <maml:ui>New Rule</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Click <maml:ui>Next</maml:ui> through the wizard until you reach the <maml:ui>Profile</maml:ui> page.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Domain</maml:title><maml:introduction>
<maml:para>The domain profile applies to a network when a domain controller is detected for the domain to which the local computer is joined. If you select this box, then the rule applies to network traffic passing through a network adapter connected to this network.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Private</maml:title><maml:introduction>
<maml:para>The private profile applies to a network when it is marked private by the computer administrator and it is not a domain network. Newly detected networks are not marked private by default. A network should be marked private only when there is some kind of security device, such as a network address translator or perimeter firewall, between the computer and the Internet. The private profile settings should be more restrictive than the domain profile settings.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Public</maml:title><maml:introduction>
<maml:para>The public profile applies to a network when the computer is connected directly to a public network, such as one available in airports and coffee shops. The public profile settings should be the most restrictive because the computer is connected to a public network where the security cannot be as tightly controlled as it is in an IT environment.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>How to change these settings</maml:title><maml:introduction>
<maml:para>After you create the firewall rule, you can change these settings in the <maml:ui>Firewall Rule Properties</maml:ui> dialog box. This dialog box opens when you double-click a rule in either <maml:ui>Inbound Rules</maml:ui> or <maml:ui>Outbound Rules</maml:ui>. To change the profiles to which the rule applies, select the <maml:ui>Advanced</maml:ui> tab.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Firewall Rule Wizard</maml:linkText><maml:uri href="mshelp://windows/?id=5886c961-2f7a-46f9-928b-2b906f2c354a"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
</maml:list>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Monitor Firewall Rules - Programs and Ports Page</maml:title><maml:introduction>
<maml:para>This tab shows information about the protocols and ports that are used to match network packets to an inbound or outbound firewall rule that is being applied to the computer.</maml:para>

<maml:procedure><maml:title>To get to this tab</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, expand <maml:ui>Monitoring</maml:ui>, and then expand <maml:ui>Firewall</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Double-click the firewall rule you want to examine, and then click the <maml:ui>Programs and Ports</maml:ui> tab.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Protocol</maml:title><maml:introduction>
<maml:para>This indicates the IP protocol type to which the rule applies, as configured on the <maml:ui>Protocols and Ports</maml:ui> tab of the <maml:ui>Firewall Rule Properties</maml:ui> page.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Local port</maml:title><maml:introduction>
<maml:para>If you are using the UDP or TCP protocol type, this indicates the UDP or TCP port to which the rule applies, on the computer where the firewall rule is applied, as configured on the <maml:ui>Protocols and Ports</maml:ui> tab of the <maml:ui>Firewall Rule Properties</maml:ui> page.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Remote port</maml:title><maml:introduction>
<maml:para>If the rule applies to the UDP or TCP protocol, this indicates the UDP or TCP port to which the rule applies, on the remote computer that is attempting to communicate with the computer where the firewall rule is applied, as configured on the <maml:ui>Protocols and Ports</maml:ui> tab of the <maml:ui>Firewall Rule Properties</maml:ui> page.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>ICMP settings</maml:title><maml:introduction>
<maml:para>If the rule applies to the Internet Control Message Protocol (ICMP) version 4 or ICMP version 6 protocol, this indicates the ICMP types and codes that are included, as configured on the <maml:ui>Protocols and Ports</maml:ui> tab of the <maml:ui>Firewall Rule Properties</maml:ui> page.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Program</maml:title><maml:introduction>
<maml:para>This indicates the program file name and path of the application to which the rule applies, as configured on the <maml:ui>Programs and Services</maml:ui> tab of the <maml:ui>Firewall Rule Properties</maml:ui> page.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Service</maml:title><maml:introduction>
<maml:para>If the program item is a service container, this indicates the service within the container to which the rule applies, as configured on the <maml:ui>Programs and Services</maml:ui> tab of the <maml:ui>Firewall Rule Properties</maml:ui> page.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Monitored Firewall Rules Properties Page</maml:linkText><maml:uri href="mshelp://windows/?id=20b3aba6-884a-4ef9-8ea7-914e4cd735d9"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Monitored Connection Security Rules Properties Page</maml:title><maml:introduction>
<maml:para>This section describes the tabs on the <maml:ui>Connection Security Rule Properties</maml:ui> page for rules displayed in <maml:ui>Monitoring</maml:ui> in Windows Firewall with Advanced Security.</maml:para>
<maml:list class="unordered">
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>General</maml:linkText><maml:uri href="mshelp://windows/?id=5ca392ca-aece-4319-90c5-80544a29b8e9"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Authentication</maml:linkText><maml:uri href="mshelp://windows/?id=53d4595a-b6b0-4133-be9e-03dcecef56e6"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Advanced</maml:linkText><maml:uri href="mshelp://windows/?id=ed344be2-ee6d-4a37-ac31-4f0b9763d04b"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Connection Security Rule Wizard: Profile Page</maml:title><maml:introduction>
<maml:para>Use this wizard page to specify the profiles to which this rule is applied. Select any combination of profiles that meet your security goals.</maml:para>
<maml:para>This version of Windows supports multiple simultaneously active profiles. Each network adapter card attached to a network is assigned one of the following profiles based on what is detected on the attached network. This means that different firewall and connection security rules can affect network traffic, depending on which network adapter receives the traffic.</maml:para>

<maml:procedure><maml:title>To get to this wizard page</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, right-click <maml:ui>Connection Security Rules</maml:ui>, and then click <maml:ui>New Rule</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Click <maml:ui>Next</maml:ui> until you reach the <maml:ui>Profile</maml:ui> page.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Domain</maml:title><maml:introduction>
<maml:para>The domain profile applies to a network when a domain controller for the local computer’s domain is detected. If you select this box, then the rule applies to network traffic passing through the network adapter connected to this network.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Private</maml:title><maml:introduction>
<maml:para>The private profile applies to a network when it is marked private by the computer administrator and it is not a domain network. Newly detected networks are not marked private by default. A network should be marked private only when there is some kind of security device, such as a network address translator or perimeter firewall, between the computer and the Internet. The private profile settings should be more restrictive than the domain profile settings.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Public</maml:title><maml:introduction>
<maml:para>The public profile applies to a network when the computer is connected directly to a public network, such as one available in airports and coffee shops. The public profile settings should be the most restrictive because the computer is connected to a public network where security cannot be as tightly controlled as it is in an IT environment.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>How to change these settings</maml:title><maml:introduction>
<maml:para>After you create the connection security rule, you can change these settings in the <maml:ui>Connection Security Rule Properties</maml:ui> dialog box. This dialog box opens when you double-click a rule in <maml:ui>Connection Security Rules</maml:ui>. To change the profiles to which the rule applies, select the <maml:ui>Advanced</maml:ui> tab.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Connection Security Rule Wizard</maml:linkText><maml:uri href="mshelp://windows/?id=2318ec3c-e196-4a43-9d79-70ca7c52194a"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Dialog Box: Customize Protected Network Connections for a Firewall Profile</maml:title><maml:introduction>
<maml:para>Use this dialog box to configure the network connections that are protected by the rules associated with a specified network profile.</maml:para>

<maml:procedure><maml:title>To get to this dialog box</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>From the Windows Firewall with Advanced Security MMC snap-in, in <maml:ui>Overview</maml:ui>, click <maml:ui>Windows Firewall properties</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Select the tab that corresponds to the firewall profile you want to configure.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In <maml:ui>State</maml:ui>, next to <maml:ui>Protected network connections</maml:ui>, click <maml:ui>Customize</maml:ui>.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>

<maml:para>The list contains the network connections that are currently configured on the computer. By default, all network connections are selected and therefore protected. </maml:para>
<maml:para>You typically see one connection for each wired network adapter, each wireless network adapter, and each configured remote network connection (such as a VPN). Select the box next to the entry for each connection that you want protected by the rules that are assigned to the currently selected profile (the currently selected tab). Each entry is shown by its descriptive name.</maml:para>
<maml:para>If you clear the check box for a network connection, then that connection is not protected by the rules in the current profile whenever it is connected to a network that matches the profile.</maml:para>
<maml:para>For more information about a particular network connection, use the Network and Sharing Center. To open the Network and Sharing Center, click <maml:ui>Start</maml:ui>, click <maml:ui>Control Panel</maml:ui>, click <maml:ui>Network and Internet</maml:ui>, and then click <maml:ui>Network and Sharing Center</maml:ui>. To rename a network connection, click <maml:ui>Change adapter settings</maml:ui>, right-click the adapter, click <maml:ui>Rename</maml:ui>, and then type a descriptive name for the network connection. The Network and Sharing Center also allows you to reclassify a public network to private, and vice versa. You cannot reclassify a network to or from the domain type.</maml:para>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content><maml:relatedLinks type="seeAlso"><maml:title>See Also</maml:title><maml:navigationLink><maml:linkText>User Interface: Windows Firewall with Advanced Security</maml:linkText><maml:uri href="mshelp://windows/?id=c243c092-48c6-4073-9b19-b9c98c931582"></maml:uri></maml:navigationLink></maml:relatedLinks></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Understanding Firewall Profiles</maml:title><maml:introduction>
<maml:para>A firewall profile is a way of grouping settings, such as firewall rules and connection security rules, that are applied to the computer depending on where the computer is connected. On computers running this version of Windows, there are three profiles for Windows Firewall with Advanced Security:</maml:para>

<maml:table>
<maml:tableHeader><maml:row><maml:entry><maml:para>Profile</maml:para></maml:entry><maml:entry><maml:para>Description</maml:para></maml:entry></maml:row></maml:tableHeader>
<maml:row>
<maml:entry><maml:para>Domain</maml:para></maml:entry>
<maml:entry><maml:para>Applied to a network adapter when it is connected to a network on which it can detect a domain controller of the domain to which the computer is joined.</maml:para></maml:entry>
</maml:row>

<maml:row>
<maml:entry><maml:para>Private</maml:para></maml:entry>
<maml:entry><maml:para>Applied to a network adapter when it is connected to a network that is identified by the administrator as a private network. A private network is one that is not connected directly to the Internet, but is behind some kind of security device, such as a network address translation (NAT) router or hardware firewall. The private profile settings should be more restrictive than the domain profile settings.</maml:para></maml:entry>
</maml:row>

<maml:row>
<maml:entry><maml:para>Public</maml:para></maml:entry>
<maml:entry><maml:para>Applied to a network adapter when it is connected to a public network such as those available in airports and coffee shops. A public network is one that has no security devices between the computer and the Internet. The public profile settings should be the most restrictive because the computer is connected to a public network where the security cannot be controlled.</maml:para></maml:entry>
</maml:row>
</maml:table>

<maml:para>Each network adapter is assigned the firewall profile that matches the detected network type. For example, if a network adapter is connected to a public network, then all traffic going to or from that network is filtered by the firewall rules associated with the public profile.</maml:para>
<maml:alertSet class="important"><maml:title>Important </maml:title><maml:para>Windows Server 2008 R2 and Windows 7 provide support for multiple active per-network adapter profiles. In Windows Vista and Windows Server 2008, only one profile can be active on the computer at a time. On those earlier versions, if there are multiple network adapters connected to different networks, then the profile with the most restrictive profile settings is applied to all adapters on the computer. The public profile is considered to be the most restrictive, followed by the private profile; the domain profile is considered to be the least restrictive.</maml:para></maml:alertSet>
<maml:para>If you do not alter the settings for a profile, then its default values are applied whenever Windows Firewall with Advanced Security uses the profile. We recommend that you enable Windows Firewall with Advanced Security for all three profiles.</maml:para>
<maml:para>To configure these profiles, in the Windows Firewall with Advanced Security MMC snap-in, right-click <maml:ui>Windows Firewall with Advanced Security</maml:ui>, and then click <maml:ui>Properties</maml:ui>. You can also access the properties from the <maml:ui>Action</maml:ui> menu, the <maml:ui>Action</maml:ui> pane, or the center pane, when Windows Firewall with Advanced Security is highlighted.</maml:para>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Windows Firewall with Advanced Security Properties Page</maml:linkText><maml:uri href="mshelp://windows/?id=05d277a3-2b83-4951-a2fc-e2ca78a24f24"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Dialog Box: Customize Advanced Key Exchange Settings</maml:title><maml:introduction>
<maml:para>Use this dialog box to add, edit, change priority, or remove the algorithm combinations that are available for key exchange during main mode negotiations. You can specify more than one algorithm combination and you can assign the order in which the combinations are tried. The first combination in the list that is compatible with both peers will be used.</maml:para>
<maml:alertSet class="note"><maml:title>Note </maml:title><maml:para>A best practice is to list the algorithm combinations in order of highest security at the top to lowest security at the bottom. This way, the most secure algorithm in common between the two negotiating computers is used. The less secure algorithms can be used for backward compatibility; include one only when a peer that you must support requires it, because any combination in the list can be the one that is negotiated.</maml:para></maml:alertSet>

<maml:procedure><maml:title>How to get to this dialog box</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>On the Windows Firewall with Advanced Security MMC snap-in page, in <maml:ui>Overview</maml:ui>, click <maml:ui>Windows Firewall Properties</maml:ui>. </maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Click the <maml:ui>IPsec Settings</maml:ui> tab. </maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Under <maml:ui>IPsec defaults</maml:ui>, click <maml:ui>Customize</maml:ui>. </maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Under <maml:ui>Key exchange (Main Mode)</maml:ui>, select <maml:ui>Advanced</maml:ui>, and then click <maml:ui>Customize</maml:ui>.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Security methods</maml:title><maml:introduction>
<maml:para>Security methods are combinations of integrity algorithms and encryption algorithms that protect the key exchange. You can have as many combinations as you need and you can arrange them in preferred order in the list. The combinations are attempted in the order in which they are displayed. The first set to be agreed upon by both peer computers is used. If the peer computer cannot use any of the combinations you define, the connection attempt fails.</maml:para>
<maml:para>Some algorithms are supported only by computers running this version of Windows. For more information, see <maml:navigationLink><maml:linkText>IPsec Algorithms and Protocols Supported by Windows</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkID=129230"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkID=129230).</maml:para>
<maml:para>To add a combination to the list, click <maml:ui>Add</maml:ui> to use the <maml:ui>Add or Edit Security Method</maml:ui> dialog box.</maml:para>
<maml:para>To reorder the list, select a combination, and then click the up or down arrows.</maml:para>
<maml:alertSet class="note"><maml:title>Note </maml:title><maml:para>As a best practice, order the combinations from highest security at the top of the list to lowest security at the bottom. This ensures that the most secure method that both peers can support is used.</maml:para>
</maml:alertSet>
</maml:introduction></maml:section><maml:section><maml:title>Key lifetimes</maml:title><maml:introduction>
<maml:para>Lifetime settings determine when a new key is generated. Key lifetimes allow you to force the generation of a new key after a specified time interval or after a specified number of sessions have been protected by using the current key. Using multiple keys ensures that if an attacker manages to gain access to one key, only a small amount of information is exposed before a new key is generated and the network traffic is protected once again. You can specify the lifetime in both minutes and number of sessions. The first threshold reached is used and the key is regenerated.</maml:para>
<maml:alertSet class="note"><maml:title>Note </maml:title><maml:para>This key regeneration is for main mode key exchange only. These settings do not affect the key lifetime settings for quick mode data protection. </maml:para></maml:alertSet>
</maml:introduction>

<maml:sections>
<maml:section><maml:title>Minutes</maml:title><maml:introduction>
<maml:para>Use this setting to configure how long the key used in main mode security association lasts, in minutes. After this interval, a new key is generated. Subsequent main mode sessions use the new key.</maml:para>
<maml:para>The maximum lifetime is 2,879 minutes (48 hours). The minimum lifetime is 1 minute. We recommend that you rekey only as frequently as your risk analysis requires. Excessively frequent rekeying can impact performance.</maml:para>
</maml:introduction></maml:section>

<maml:section><maml:title>Sessions</maml:title><maml:introduction>
<maml:para>A session is a distinct message or set of messages protected by a quick mode SA. This setting specifies how many quick mode key generating sessions can be protected using the same main mode key information. After this threshold is reached, the counter is reset, and a new key is generated. Subsequent communications will use the new key. The maximum value is 2,147,483,647 sessions. The minimum value is 0 sessions.</maml:para>
<maml:para>A session limit of zero (0) causes the generation of a new key to be determined only by the <maml:ui>Key lifetime (in minutes)</maml:ui> setting.</maml:para>
<maml:para>Use caution when setting very different key lifetimes for main mode and quick mode keys. For example, setting a main mode key lifetime of 8 hours and a quick mode key lifetime of 2 hours might leave a quick mode SA in place for almost 2 hours after the main mode SA has expired. This occurs when the quick mode SA is generated shortly before main mode SA expiration.</maml:para>
<maml:alertSet class="important"><maml:title>Important </maml:title><maml:para>The higher the number of sessions allowed per main mode key, the greater the chance of the main mode key being discovered. If you want to limit the number of times this reuse occurs, you can specify a quick mode key limit.</maml:para></maml:alertSet>
<maml:alertSet class="security"><maml:title>Security Note </maml:title><maml:para>To configure main mode perfect forward secrecy (PFS), set <maml:ui>Key lifetime in sessions</maml:ui> to 1. Although this configuration provides significant additional protection, it also carries a significant computational and network performance penalty. Every new quick mode session regenerates the main mode keying material, which in turn causes the two computers to reauthenticate. We recommend that you enable PFS only in environments where IPsec traffic might be exposed to sophisticated attackers who might try to compromise the strong cryptographic protection provided by IPsec.</maml:para></maml:alertSet>
</maml:introduction></maml:section>
</maml:sections>
</maml:section><maml:section>
<maml:title>Key exchange options</maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section><maml:title>Use Diffie-Hellman for enhanced security</maml:title><maml:introduction>
<maml:para>Windows Vista and later versions of Windows support Authenticated IP (AuthIP) in addition to Internet Key Exchange (IKE) for establishing the initial secure connection in which the rest of the IPsec parameters are negotiated. IKE uses Diffie-Hellman exchanges only. When AuthIP is used, no Diffie-Hellman key exchange protocol is required. Instead, when Kerberos version 5 authentication is requested, the Kerberos version 5 service ticket secret is used in place of a Diffie-Hellman value. When either certificate authentication or NTLM authentication is requested, a Transport Layer Security (TLS) session is established, and its secret is used in place of the Diffie-Hellman value.</maml:para>
<maml:para>If you select this check box, then a Diffie-Hellman exchange takes place regardless of the authentication type selected, and the Diffie-Hellman secret is used to secure the rest of the IPsec negotiations. Use this when regulatory requirements specify that a Diffie-Hellman exchange must be used.</maml:para>
</maml:introduction></maml:section>
</maml:sections></maml:section></maml:sections></maml:content><maml:relatedLinks type="seeAlso"><maml:title>See Also</maml:title><maml:navigationLink><maml:linkText>User Interface: Windows Firewall with Advanced Security</maml:linkText><maml:uri href="mshelp://windows/?id=c243c092-48c6-4073-9b19-b9c98c931582"></maml:uri></maml:navigationLink></maml:relatedLinks></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Firewall Rule Wizard: Protocol and Ports Page - Port Rule Type</maml:title><maml:introduction>
<maml:para>Use this wizard page to specify which protocol and which port or ports specified in a network packet match this firewall rule. Only network traffic that matches the criteria on this page matches the rule and is subject to its action setting.</maml:para>
<maml:procedure><maml:title>To get to this wizard page</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, right-click either <maml:ui>Inbound Rules</maml:ui> or <maml:ui>Outbound Rules</maml:ui>, and then click <maml:ui>New Rule</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>On the <maml:ui>Rule Type</maml:ui> page, select <maml:ui>Port</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Click <maml:ui>Next</maml:ui> through the wizard until you reach the <maml:ui>Protocol and Ports</maml:ui> page.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Does this rule apply to TCP or UDP?</maml:title><maml:introduction>
<maml:para>Select the protocol whose network traffic you want to filter with this firewall rule. If you need to filter based on a protocol other than TCP or UDP, then you must use the <maml:ui>Custom</maml:ui> rule type on the <maml:ui>Rule Type</maml:ui> page.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Inbound rules: Does this rule apply to all local ports or specific local ports?</maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section><maml:title>All local ports</maml:title><maml:introduction>
<maml:para>Use this option to apply the rule to inbound network traffic that matches any local port number.</maml:para>
</maml:introduction></maml:section>
<maml:section><maml:title>Specific local ports</maml:title><maml:introduction>
<maml:para>Use this option to apply the rule only to inbound network traffic that matches a local port number listed in the text box. You can specify multiple port numbers, separated by commas. You can also include a range of port numbers by separating the low and high values with a hyphen.</maml:para>
</maml:introduction></maml:section>
</maml:sections>
</maml:section><maml:section><maml:title>Outbound rules: Does this rule apply to all remote ports or specific remote ports?</maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section><maml:title>All remote ports</maml:title><maml:introduction>
<maml:para>Use this option to apply the rule to outbound network traffic that matches any destination port number.</maml:para>
</maml:introduction></maml:section>
<maml:section><maml:title>Specific remote ports</maml:title><maml:introduction>
<maml:para>Use this option to apply the rule only to network traffic that matches a destination port number listed in the text box. You can specify multiple port numbers, separated by commas. You can also include a range of port numbers by separating the low and high values with a hyphen.</maml:para>
</maml:introduction></maml:section>
</maml:sections>
</maml:section><maml:section><maml:title>How to change these settings</maml:title><maml:introduction>
<maml:para>After you create the firewall rule, you can change these settings in the <maml:ui>Firewall Rule Properties</maml:ui> dialog box. This dialog box appears when you double-click a rule in <maml:ui>Inbound Rules</maml:ui> or <maml:ui>Outbound Rules</maml:ui>. To change the protocols and port numbers for this rule, select the <maml:ui>Protocols and Ports</maml:ui> tab.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Firewall Rule Wizard</maml:linkText><maml:uri href="mshelp://windows/?id=5886c961-2f7a-46f9-928b-2b906f2c354a"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Dialog Box: Add or Edit Integrity and Encryption Algorithms</maml:title><maml:introduction>
<maml:para>Use this dialog box to configure an algorithm offer that includes both data integrity and data confidentiality (encryption) and that is available when negotiating quick mode security associations. You must specify both the protocol and the algorithm used to protect the integrity of the data in the network packet.</maml:para>
<maml:para>Internet Protocol security (IPsec) provides integrity by calculating a hash generated from the data in the network packet. The hash is then cryptographically signed (encrypted) and embedded in the IP packet; in practice this is a keyed hash, computed with a secret key that only the two peers share. The receiving computer uses the same algorithm to calculate the hash, and compares the result to the hash that is embedded in the received packet. If it matches, then the information received is exactly the same as the information sent, and the packet is accepted. If it does not match, then the packet is dropped.</maml:para>
<maml:para>Using an encrypted hash of the transmitted message makes it computationally infeasible to change the message without a resulting mismatch with the hash. This is critical when data is exchanged over an unsecured network such as the Internet and provides a way to know that the message was not changed during transit.</maml:para>
<maml:para>In addition to integrity protection, this dialog box allows you to specify an encryption algorithm that helps prevent the data from being read if the network packet is intercepted while in transit.</maml:para>
<maml:procedure><maml:title>How to get to this dialog box</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the Windows Firewall with Advanced Security MMC snap-in page, in <maml:ui>Overview</maml:ui>, click <maml:ui>Windows Firewall Properties</maml:ui>. </maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Click the <maml:ui>IPsec Settings</maml:ui> tab. </maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Under <maml:ui>IPsec defaults</maml:ui>, click <maml:ui>Customize</maml:ui>. </maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Under <maml:ui>Data protection (Quick Mode)</maml:ui>, select <maml:ui>Advanced</maml:ui>, and then click <maml:ui>Customize</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Under <maml:ui>Data integrity and encryption</maml:ui>, select an algorithm combination from the list, and click <maml:ui>Edit</maml:ui> or <maml:ui>Add</maml:ui>.</maml:para></maml:section></maml:sections></maml:step></maml:procedure></maml:introduction><maml:content><maml:sections><maml:section><maml:title>Protocol</maml:title><maml:introduction>
<maml:para>The following protocols are used to embed the integrity and encryption information into an IP packet.</maml:para>
</maml:introduction>

<maml:sections>
<maml:section><maml:title>ESP (recommended)</maml:title><maml:introduction>
<maml:para>Encapsulating Security Payload (ESP) provides confidentiality (in addition to authentication, integrity, and anti-replay) for the IP payload. ESP in transport mode does not sign the entire packet. Only the IP data payload, not the IP header, is protected. ESP can be used alone or in combination with Authentication Header (AH). With ESP, the hash calculation includes the ESP header, trailer, and payload only. ESP provides data confidentiality services by encrypting the ESP payload with one of the supported encryption algorithms. Anti-replay protection is provided through the inclusion of a sequence number for each packet.</maml:para>
</maml:introduction></maml:section>

<maml:section>
<maml:title>ESP and AH</maml:title><maml:introduction>
<maml:para>This option combines the security of the ESP protocol with the AH protocol. AH provides authentication, integrity, and anti-replay for the entire packet (both the IP header and the data payload carried in the packet).</maml:para>
<maml:alertSet class="important"><maml:title>Important </maml:title><maml:para>The AH protocol is not compatible with network address translation (NAT) because NAT devices need to change information in the packet headers. To allow IPsec-based traffic to pass through a NAT device, you must ensure that NAT Traversal (NAT-T) is supported on your IPsec peer computers. NAT-T encapsulates ESP traffic only, so it does not make an AH-protected packet able to cross a NAT device.</maml:para></maml:alertSet>
</maml:introduction></maml:section>
</maml:sections>
</maml:section><maml:section><maml:title>Algorithms</maml:title><maml:introduction><maml:para> </maml:para></maml:introduction>
<maml:sections>
<maml:section><maml:title>Encryption algorithm</maml:title><maml:introduction>
<maml:para>The following encryption algorithms are available to computers running this version of Windows. Some of these algorithms are not available on computers running earlier versions of Windows. If you must establish IPsec-protected connections with a computer running an earlier version of Windows, then you must include algorithm options that are compatible with the earlier version.</maml:para>
<maml:para>For more information, see <maml:navigationLink><maml:linkText>IPsec Algorithms and Methods Supported in Windows</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkID=129230"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkID=129230).</maml:para>
<maml:list class="unordered">
<maml:listItem><maml:para>AES-GCM 256</maml:para></maml:listItem>
<maml:listItem><maml:para>AES-GCM 192</maml:para></maml:listItem>
<maml:listItem><maml:para>AES-GCM 128</maml:para></maml:listItem>
<maml:listItem><maml:para>AES-CBC 256</maml:para></maml:listItem>
<maml:listItem><maml:para>AES-CBC 192</maml:para></maml:listItem>
<maml:listItem><maml:para>AES-CBC 128</maml:para></maml:listItem>
<maml:listItem><maml:para>3DES</maml:para></maml:listItem>
<maml:listItem><maml:para>DES</maml:para></maml:listItem>
</maml:list>
<maml:alertSet class="security"><maml:title>Security Note </maml:title><maml:para>We recommend that you do not use DES. It is provided for backward compatibility only.</maml:para></maml:alertSet>
<maml:alertSet class="note"><maml:title>Note </maml:title><maml:para>If you specify an AES-GCM algorithm for encryption, then you must specify the same algorithm for integrity.</maml:para></maml:alertSet>
</maml:introduction></maml:section>

<maml:section><maml:title>Integrity algorithm</maml:title><maml:introduction>
<maml:para>The following integrity algorithms are available to computers running this version of Windows. Some of these algorithms are not available on computers running earlier versions of Windows. If you must establish IPsec-protected connections with a computer running an earlier version of Windows, then you must include algorithm options that are compatible with the earlier version.</maml:para>
<maml:para>For more information, see <maml:navigationLink><maml:linkText>IPsec Algorithms and Methods Supported in Windows</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkID=129230"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkID=129230).</maml:para>
<maml:list class="unordered">
<maml:listItem><maml:para>AES-GCM 256</maml:para></maml:listItem>
<maml:listItem><maml:para>AES-GCM 192</maml:para></maml:listItem>
<maml:listItem><maml:para>AES-GCM 128</maml:para></maml:listItem>
<maml:listItem><maml:para>AES-GMAC 256</maml:para></maml:listItem>
<maml:listItem><maml:para>AES-GMAC 192</maml:para></maml:listItem>
<maml:listItem><maml:para>AES-GMAC 128</maml:para></maml:listItem>
<maml:listItem><maml:para>SHA-1</maml:para></maml:listItem>
<maml:listItem><maml:para>MD5</maml:para></maml:listItem>
</maml:list>
<maml:alertSet class="security"><maml:title>Security Note </maml:title><maml:para>We recommend that you do not use MD5. It is provided for backward compatibility only.</maml:para></maml:alertSet>
<maml:alertSet class="note"><maml:title>Note </maml:title><maml:para>If you specify an AES-GCM algorithm for integrity, then you must specify the same algorithm for encryption.</maml:para></maml:alertSet>
</maml:introduction></maml:section>
</maml:sections>
</maml:section><maml:section><maml:title>Key lifetimes</maml:title><maml:introduction>
<maml:para>Lifetime settings determine when a new key is generated. Key lifetimes allow you to force the generation of a new key after a specified time interval or after a specified amount of data has been transmitted. For example, if the communication takes 100 minutes and you specify a key lifetime of 10 minutes, 10 keys will be generated (one every 10 minutes) during the exchange. Using multiple keys ensures that if an attacker manages to gain the key to one part of a communication, the entire communication is not compromised.</maml:para>
<maml:alertSet class="note"><maml:title>Note </maml:title><maml:para>This key regeneration is for quick mode data integrity and encryption and does not affect the key lifetime settings for main mode key exchange.</maml:para></maml:alertSet>
</maml:introduction>
<maml:sections>
<maml:section><maml:title>Minutes</maml:title><maml:introduction>
<maml:para>Use this setting to configure how long the key used in the quick mode security association lasts, in minutes. After this interval, the key will be regenerated. Subsequent communications will use the new key.</maml:para>
<maml:para>The maximum lifetime is 2,879 minutes (48 hours). The minimum lifetime is 5 minutes. We recommend that you rekey only as frequently as your risk analysis requires. Excessively frequent rekeying can impact performance.</maml:para></maml:introduction></maml:section>

<maml:section><maml:title>KB</maml:title><maml:introduction>
<maml:para>Use this setting to configure how many kilobytes (KB) of data are sent using the key. After this threshold is reached, the counter is reset, and the key is regenerated. Subsequent communications will use the new key.</maml:para>
<maml:para>The maximum lifetime is 2,147,483,647 KB. The minimum lifetime is 20,480 KB. We recommend that you rekey only as frequently as your risk analysis requires. Excessively frequent rekeying can impact performance.</maml:para>
</maml:introduction></maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content><maml:relatedLinks type="seeAlso"><maml:title>See Also</maml:title><maml:navigationLink><maml:linkText>User Interface: Windows Firewall with Advanced Security</maml:linkText><maml:uri href="mshelp://windows/?id=c243c092-48c6-4073-9b19-b9c98c931582"></maml:uri></maml:navigationLink></maml:relatedLinks></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Firewall Rule Properties Page: Advanced Tab</maml:title><maml:introduction>
<maml:para>Use this tab to configure the profiles and interface types to which this firewall rule will be applied.</maml:para>

<maml:procedure><maml:title>To get to this tab</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, in either <maml:ui>Inbound Rules</maml:ui> or <maml:ui>Outbound Rules</maml:ui>, double-click the firewall rule you want to modify, and then click the <maml:ui>Advanced</maml:ui> tab.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Profiles</maml:title><maml:introduction>
<maml:para>A profile is a way of grouping settings, such as firewall rules and connection security rules, that are applied to the computer depending on where the computer is connected. Windows determines a network location type for each network adapter, and then applies the corresponding profile to that network adapter. On computers running this version of Windows, there are three profiles recognized by Windows Firewall with Advanced Security.</maml:para>
<maml:table>
<maml:tableHeader><maml:row><maml:entry><maml:para>Profile</maml:para></maml:entry><maml:entry><maml:para>Description</maml:para></maml:entry></maml:row></maml:tableHeader>
<maml:row><maml:entry><maml:para>Domain</maml:para></maml:entry><maml:entry><maml:para>Applies when a computer is connected to a network that contains an Active Directory domain controller for the domain in which the computer's domain account resides.</maml:para></maml:entry></maml:row>
<maml:row><maml:entry><maml:para>Private</maml:para></maml:entry><maml:entry><maml:para>Applies when a computer is connected to a network in which the computer's domain account does not reside, such as a home network. The private profile settings should be more restrictive than the domain profile settings. A network is assigned the private type by a local administrator.</maml:para></maml:entry></maml:row>
<maml:row><maml:entry><maml:para>Public</maml:para></maml:entry><maml:entry><maml:para>Applies when a computer is connected to a domain through a public network, such as one available in airports and coffee shops. The public profile settings should be the most restrictive because the computer is connected to a public network where the security cannot be as tightly controlled as it is in an IT environment. By default, newly discovered networks are assigned the public type.</maml:para></maml:entry></maml:row>
</maml:table>
<maml:alertSet class="note"><maml:title>Notes </maml:title><maml:alert>Computers running Windows Server 2008 and Windows Vista support only a single profile at a time. If the computer is connected to more than one network, the most restrictive profile is applied to all network adapters.</maml:alert><maml:alert>Computers running Windows XP and Windows Server 2003 support only two profiles: standard, which maps to both public and private, and domain. If the computer is connected to more than one network, the profile that is most restrictive is applied to all network adapters. For this purpose, the public profile is considered the most restrictive, followed by the private profile, and then the domain profile.</maml:alert></maml:alertSet>

</maml:introduction></maml:section><maml:section><maml:title>Interface types</maml:title><maml:introduction>
<maml:para>Click <maml:ui>Customize</maml:ui> to specify the interface types to which the firewall rule applies. The <maml:ui>Customize Interface Types</maml:ui> dialog box allows you to select <maml:ui>All interface types</maml:ui> or any combination of <maml:ui>Local area network</maml:ui>, <maml:ui>Remote access</maml:ui>, or <maml:ui>Wireless</maml:ui> types.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Edge traversal</maml:title><maml:introduction>

<maml:para>Edge traversal allows the computer to accept unsolicited inbound packets that have passed through an edge device, such as a network address translation (NAT) router or firewall. </maml:para>
<maml:alertSet class="note"><maml:title>Notes </maml:title><maml:alert>This option cannot be configured by using the New Inbound Firewall Rule wizard. To configure this setting, you must create the rule by using the wizard and then change it by using this tab.</maml:alert><maml:alert>This option applies to inbound rules only; it does not appear on the <maml:ui>Advanced</maml:ui> tab for an outbound rule.</maml:alert></maml:alertSet>
<maml:para>Select one of the following options from the list:</maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title>Block edge traversal (default)</maml:title><maml:introduction>
<maml:para>Prevent applications from receiving unsolicited traffic from the Internet through a NAT edge device.</maml:para>
</maml:introduction></maml:section>

<maml:section><maml:title>Allow edge traversal</maml:title><maml:introduction>
<maml:para>Allow applications to receive unsolicited traffic directly from the Internet through a NAT edge device.</maml:para>
</maml:introduction></maml:section>

<maml:section><maml:title>Defer to user</maml:title><maml:introduction>
<maml:para>Let the user decide whether to allow unsolicited traffic from the Internet through a NAT edge device when an application requests it.</maml:para>
</maml:introduction></maml:section>

<maml:section><maml:title>Defer to application</maml:title><maml:introduction>
<maml:para>Let each application determine whether to allow unsolicited traffic from the Internet through a NAT edge device.</maml:para>
</maml:introduction></maml:section>

</maml:sections>
</maml:section><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Firewall Rule Properties Page</maml:linkText><maml:uri href="mshelp://windows/?id=142a13a0-f0c4-4122-95d9-ecfb6f6391c4"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Firewall Rule Wizard: Program Page</maml:title><maml:introduction>
<maml:para>Use this wizard page to specify one of the ways in which Windows Firewall with Advanced Security matches network packets. If this and all other criteria are matched, Windows Firewall with Advanced Security will take the action that you specify on the <maml:ui>Action</maml:ui> page.</maml:para>
<maml:alertSet class="note"><maml:title>Note </maml:title><maml:para>To specify a service by using the wizard, choose the <maml:ui>Custom</maml:ui> option on the <maml:ui>Rule Type</maml:ui> page of the wizard.</maml:para></maml:alertSet>

<maml:procedure><maml:title>To get to this wizard page</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, right-click either <maml:ui>Inbound Rules</maml:ui> or <maml:ui>Outbound Rules</maml:ui>, and then click <maml:ui>New Rule</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>On the <maml:ui>Rule Type</maml:ui> page, select either <maml:ui>Program</maml:ui> or <maml:ui>Custom</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Click <maml:ui>Next</maml:ui> through the wizard until you reach the <maml:ui>Program</maml:ui> page.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>All programs</maml:title><maml:introduction>
<maml:para>Use this option to match network packets sent or received by any program running on the local computer.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>This program path</maml:title><maml:introduction>
<maml:para>Use this option to match network packets going to or from a specified program. You can select the program in one of two ways: </maml:para>
<maml:list class="unordered">
<maml:listItem><maml:para>Type the complete path to the program. You can include environment variables, where appropriate.</maml:para>
<maml:alertSet class="important"><maml:title>Important </maml:title><maml:para>We recommend that you do not use environment variable strings that resolve only in the context of a certain user (for example, %USERPROFILE%). When these strings are evaluated by the service at runtime, the service is not running in the context of the user. The use of these strings can produce unexpected results.</maml:para></maml:alertSet></maml:listItem>
<maml:listItem><maml:para>Click <maml:ui>Browse</maml:ui> and find the program in the directory.</maml:para></maml:listItem>
</maml:list>
<maml:alertSet class="note"><maml:title>Note </maml:title><maml:para>To specify a service in a firewall rule, use the <maml:ui>All programs</maml:ui> option, and then select the <maml:ui>Programs and Services</maml:ui> tab on the <maml:ui>Firewall Rule Properties</maml:ui> dialog box.</maml:para></maml:alertSet></maml:introduction></maml:section><maml:section><maml:title>How to change these settings</maml:title><maml:introduction>
<maml:para>After you create the firewall rule, you can change these settings in the <maml:ui>Firewall Rule Properties</maml:ui> dialog box. This dialog box appears when you double-click a rule in <maml:ui>Inbound Rules</maml:ui> or <maml:ui>Outbound Rules</maml:ui>. To change the program path, use the <maml:ui>Programs and Services</maml:ui> tab.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Firewall Rule Wizard</maml:linkText><maml:uri href="mshelp://windows/?id=5886c961-2f7a-46f9-928b-2b906f2c354a"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>User Interface: Windows Firewall with Advanced Security</maml:title><maml:introduction>
<maml:para>This section describes each of the pages in the user interface for Windows Firewall with Advanced Security.</maml:para>
<maml:list class="unordered">
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Windows Firewall with Advanced Security Properties Page</maml:linkText><maml:uri href="mshelp://windows/?id=05d277a3-2b83-4951-a2fc-e2ca78a24f24"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Connection Security Rule Wizard</maml:linkText><maml:uri href="mshelp://windows/?id=2318ec3c-e196-4a43-9d79-70ca7c52194a"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Connection Security Rule Properties Page</maml:linkText><maml:uri href="mshelp://windows/?id=101488a1-9f62-4797-9330-4937c888e371"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Firewall Rule Wizard</maml:linkText><maml:uri href="mshelp://windows/?id=5886c961-2f7a-46f9-928b-2b906f2c354a"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Firewall Rule Properties Page</maml:linkText><maml:uri href="mshelp://windows/?id=142a13a0-f0c4-4122-95d9-ecfb6f6391c4"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Monitored Firewall Rules Properties Page</maml:linkText><maml:uri href="mshelp://windows/?id=20b3aba6-884a-4ef9-8ea7-914e4cd735d9"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Monitored Connection Security Rules Properties Page</maml:linkText><maml:uri href="mshelp://windows/?id=9d81b178-5fef-4b23-9dc7-e85f20bbf5d9"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Monitored Main Mode Security Associations</maml:linkText><maml:uri href="mshelp://windows/?id=39e393da-18a6-4a1d-85d1-d9dcb46e3b93"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Monitored Quick Mode Security Associations</maml:linkText><maml:uri href="mshelp://windows/?id=8c965889-6e37-4ad0-b41d-4f98bed709ad"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Dialog Boxes</maml:linkText><maml:uri href="mshelp://windows/?id=71ea19d0-e57f-4828-923a-632cdb208aad"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Firewall Rule Wizard: Users Page</maml:title><maml:introduction>
<maml:para>Use these settings to specify which users or user groups can connect to the local computer.</maml:para>
<maml:alertSet class="important"><maml:title>Important </maml:title><maml:para>To use these options, the firewall rule action must be set to <maml:ui>Allow the connection if it is secure</maml:ui>. To be considered secure, the network traffic must be protected by a connection security rule that requires authentication by using a method that includes user identification information, such as Kerberos version 5, NTLMv2, or a certificate with certificate-to-account mapping enabled.</maml:para></maml:alertSet>

<maml:procedure><maml:title>To get to this wizard page</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, right-click <maml:ui>Inbound Rules</maml:ui>, and then click <maml:ui>New Rule</maml:ui>.</maml:para>
<maml:alertSet class="note"><maml:title>Note </maml:title><maml:para>This page is displayed for inbound rules only; it is not available for outbound rules.</maml:para></maml:alertSet></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Click <maml:ui>Next</maml:ui> through the wizard until you reach the <maml:ui>Action</maml:ui> page.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>On the <maml:ui>Action</maml:ui> page, select <maml:ui>Allow the connection if it is secure</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Click <maml:ui>Next</maml:ui> through the wizard until you reach the <maml:ui>Users</maml:ui> page.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Authorized users</maml:title><maml:introduction>
<maml:para>Use this section to identify the user or group accounts that are allowed to make the connection specified by the rule.</maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title>Only allow connections from these users</maml:title><maml:introduction>
<maml:para>Select this option to specify which users can connect to this computer. Network traffic that is not authenticated as coming from a user on this list is blocked by Windows Firewall.</maml:para>
<maml:para>If you select the check box, then <maml:ui>Add</maml:ui> is enabled. Click <maml:ui>Add</maml:ui>, and then specify the user or group accounts in the <maml:ui>Select Users, Computers, or Groups</maml:ui> dialog box. To remove a user or group from the list, select the user or group, and then click <maml:ui>Remove</maml:ui>.</maml:para>
</maml:introduction></maml:section>
</maml:sections>
</maml:section><maml:section><maml:title>Exceptions</maml:title><maml:introduction>
<maml:para>Use this section to identify user or group accounts that might be listed in <maml:ui>Authorized users</maml:ui>, possibly because the user or group account is a member of a group, but whose network traffic must be blocked by Windows Firewall. For example, User A is a member of Group B. Group B is included in <maml:ui>Authorized users</maml:ui>, so network traffic authenticated as coming from a user who is a member of Group B is allowed. However, by placing User A in the <maml:ui>Exceptions</maml:ui> list, network traffic authenticated as being from User A is not processed by this rule, and so is blocked by the default firewall behavior unless some other rule allows the traffic.</maml:para></maml:introduction>

<maml:sections>
<maml:section><maml:title>Skip this rule for connections from these users</maml:title><maml:introduction>
<maml:para>Select this option to specify users or groups whose network traffic is an exception to this rule. Network traffic that is authenticated as coming from a user in this list is not processed by the rule, even if the user is also in <maml:ui>Authorized users</maml:ui>.</maml:para>
<maml:para>If you select the check box, then <maml:ui>Add</maml:ui> is enabled. Click <maml:ui>Add</maml:ui>, and then specify the user or group accounts in the <maml:ui>Select Users, Computers, or Groups</maml:ui> dialog box. To remove a user or group from the list, select the user or group, and then click <maml:ui>Remove</maml:ui>.</maml:para>
</maml:introduction></maml:section>

</maml:sections>
</maml:section><maml:section><maml:title>How to change these settings</maml:title><maml:introduction>
<maml:para>After you create the firewall rule, you can change these settings in the <maml:ui>Firewall Rule Properties</maml:ui> dialog box. This dialog box appears when you double-click a rule in <maml:ui>Inbound Rules</maml:ui>. To change these settings, select the <maml:ui>Users</maml:ui> tab.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Firewall Rule Wizard</maml:linkText><maml:uri href="mshelp://windows/?id=5886c961-2f7a-46f9-928b-2b906f2c354a"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Firewall Rule Wizard: Scope Page</maml:title><maml:introduction>
<maml:para>Use this wizard page to specify the local and remote IP addresses whose network traffic matches this rule. If the local computer is listed in the local IP addresses, then all network traffic going to or from any of the remote IP addresses matches this rule. </maml:para>
<maml:procedure><maml:title>To get to this wizard page</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, right-click either <maml:ui>Inbound Rules</maml:ui> or <maml:ui>Outbound Rules</maml:ui>, and then click <maml:ui>New Rule</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>On the <maml:ui>Rule Type</maml:ui> page, select <maml:ui>Custom</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Click <maml:ui>Next</maml:ui> through the wizard until you reach the <maml:ui>Scope</maml:ui> page.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Which local IP addresses does this rule apply to?</maml:title><maml:introduction>
<maml:para>The local IP address is used by the local computer to determine if the rule applies. The rule only applies to network traffic that goes through a network adapter that is configured to use one of the specified addresses.</maml:para>
</maml:introduction>
<maml:sections>

<maml:section><maml:title>Any IP address</maml:title><maml:introduction>
<maml:para>Select this option to specify that the rule matches a network packet with any address specified as the local IP address. The local computer always matches the rule when this option is selected.</maml:para>
</maml:introduction></maml:section>

<maml:section><maml:title>These IP addresses</maml:title><maml:introduction>
<maml:para>Select this option to specify that the rule matches only network traffic that has one of the specified addresses in the local IP address field. If the local computer does not have a network adapter configured with one of the specified IP addresses, then the rule does not apply. On the <maml:ui>IP Address</maml:ui> dialog box, click <maml:ui>Add</maml:ui> to create a new entry in the list, or <maml:ui>Edit</maml:ui> to change an existing entry in the list.</maml:para>
</maml:introduction></maml:section>

<maml:section><maml:title>Customize the interface types to which this rule applies</maml:title><maml:introduction>
<maml:para>Click <maml:ui>Customize</maml:ui> to display the <maml:ui>Customize Interface Types</maml:ui> dialog box. Use this dialog box to configure which network interface types match the rule. By default, all network interface types are included.</maml:para>
</maml:introduction></maml:section>

</maml:sections>
</maml:section><maml:section><maml:title>Which remote IP addresses does this rule apply to?</maml:title><maml:introduction>
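<maml:para>Specify the remote IP addresses to which the rule applies. Network traffic matches the rule if the remote IP address of the packet, that is, the source address for inbound rules or the destination address for outbound rules, is one of the addresses in the list.</maml:para>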
</maml:introduction>
<maml:sections>

<maml:section><maml:title>Any IP address</maml:title><maml:introduction>
<maml:para>Select this option to specify that the rule matches network packets that are addressed from (for inbound rules) or addressed to (for outbound rules) any IP address included in the list.</maml:para>
</maml:introduction></maml:section>

<maml:section><maml:title>These IP addresses</maml:title><maml:introduction>
<maml:para>Select this option to specify that the rule only matches network traffic that has one of the addresses specified in the <maml:ui>Remote IP address</maml:ui> field. On the <maml:ui>IP Address</maml:ui> dialog box, click <maml:ui>Add</maml:ui> to create a new entry in the list, or <maml:ui>Edit</maml:ui> to modify an existing entry in the list.</maml:para>
</maml:introduction></maml:section>

</maml:sections>
</maml:section><maml:section><maml:title>How to change these settings</maml:title><maml:introduction>
<maml:para>After you create the firewall rule, you can change these settings in the <maml:ui>Firewall Rule Properties</maml:ui> dialog box. This dialog box appears when you double-click a rule in <maml:ui>Inbound Rules</maml:ui> or <maml:ui>Outbound Rules</maml:ui>. To change these settings, use the <maml:ui>Scope</maml:ui> tab.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Firewall Rule Wizard</maml:linkText><maml:uri href="mshelp://windows/?id=5886c961-2f7a-46f9-928b-2b906f2c354a"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Firewall Rule Properties Page: Computers Tab</maml:title><maml:introduction><maml:para>Use these settings to specify which computers or computer groups can connect to the local computer. This tab is available on both inbound and outbound firewall rules.</maml:para>
<maml:alertSet class="important"><maml:title>Important </maml:title><maml:para>To use these options, the firewall rule action must be set to <maml:ui>Allow the connection if it is secure</maml:ui> on the <maml:ui>General</maml:ui> tab. To be considered secure, the network traffic must be protected by a connection security rule that requires authentication by using a method that includes computer identification information, such as Kerberos version 5, NTLMv2, or a certificate with certificate-to-account mapping enabled.</maml:para>
</maml:alertSet>
<maml:procedure><maml:title>To get to this tab</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, in either <maml:ui>Inbound Rules</maml:ui> or <maml:ui>Outbound Rules</maml:ui>, right-click the firewall rule you want to modify, and then click the <maml:ui>Computers</maml:ui> tab.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Authorized computers</maml:title><maml:introduction>
<maml:para>Use this section to identify the computer or group accounts that are allowed to make the connection specified by the rule.</maml:para>
</maml:introduction>

<maml:sections>
<maml:section><maml:title>Only allow connections from/to these computers</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem><maml:para>For inbound rules, select <maml:ui>Only allow connections from these computers</maml:ui> to specify which computers can connect to this computer. Network traffic that is not authenticated as coming from a computer on this list is blocked by Windows Firewall.</maml:para></maml:listItem>
<maml:listItem><maml:para>For outbound rules, select <maml:ui>Only allow connections to these computers</maml:ui> to specify the computers to which this computer is allowed to connect. Outbound network traffic sent to computers that cannot be authenticated as a computer on the list is blocked by Windows Firewall.</maml:para></maml:listItem>
</maml:list>
<maml:para>If you select the check box, then <maml:ui>Add</maml:ui> is enabled. Click <maml:ui>Add</maml:ui>, and then specify the computer or group accounts in the <maml:ui>Select Users, Computers, or Groups</maml:ui> dialog box.</maml:para>
<maml:para>To remove a computer or group from the list, select the computer or group, and then click <maml:ui>Remove</maml:ui>.</maml:para>
</maml:introduction></maml:section>
</maml:sections>

</maml:section><maml:section><maml:title>Exceptions</maml:title><maml:introduction>
<maml:para>Use this section to identify computer or group accounts that might be listed in <maml:ui>Authorized computers</maml:ui>, possibly because the computer or group account is a member of a group, but whose network traffic must be blocked by Windows Firewall. For example, Computer A is a member of Group B. Group B is included in <maml:ui>Authorized computers</maml:ui>, so network traffic authenticated as coming from a computer in the group is allowed. By placing Computer A in the <maml:ui>Exceptions</maml:ui> list, network traffic authenticated as being from Computer A is not processed by this rule, and so is blocked by the default firewall behavior unless some other rule allows the traffic.</maml:para>
</maml:introduction>

<maml:sections>
<maml:section><maml:title>Skip this rule for connections from/to these computers</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem><maml:para>For inbound rules, select <maml:ui>Skip this rule for connections from these computers</maml:ui> to specify the remote computers that are exceptions to this rule.</maml:para></maml:listItem>
<maml:listItem><maml:para>For outbound rules, select <maml:ui>Skip this rule for connections to these computers</maml:ui> to specify the remote computers that are exceptions to this rule.</maml:para></maml:listItem>
</maml:list>
<maml:para>If you select the check box, then <maml:ui>Add</maml:ui> is enabled. Click <maml:ui>Add</maml:ui>, and then specify the computer or group accounts in the <maml:ui>Select Users, Computers, or Groups</maml:ui> dialog box.</maml:para>
<maml:para>To remove a computer or group from the list, select the computer or group, and then click <maml:ui>Remove</maml:ui>.</maml:para>
</maml:introduction></maml:section>

</maml:sections>

</maml:section><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Firewall Rule Properties Page</maml:linkText><maml:uri href="mshelp://windows/?id=142a13a0-f0c4-4122-95d9-ecfb6f6391c4"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Dialog Box: Customize IPsec Tunneling Settings</maml:title><maml:introduction>
<maml:para>Use this dialog box to configure a connection security rule to use tunnel mode rather than transport mode.</maml:para>


<maml:procedure><maml:title>To get to this dialog box</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, in the navigation pane, select <maml:ui>Connection Security Rules</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Double-click the tunnel rule that you want to modify.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Click the <maml:ui>Advanced</maml:ui> tab, and then under <maml:ui>IPsec Tunneling</maml:ui>, click <maml:ui>Customize</maml:ui>.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Use IPsec tunneling</maml:title><maml:introduction>
<maml:para>Select this option to specify that the network traffic that matches this rule travels from Endpoint 1 to Endpoint 2 through an Internet Protocol security (IPsec) tunnel. Selecting this option enables the rest of the controls in this dialog box.</maml:para>
</maml:introduction><maml:sections>

<maml:section><maml:title>Apply authorization</maml:title><maml:introduction>
<maml:para>Select this option to specify that the computer or user in Endpoint 1 must authenticate with the local tunnel endpoint before any packets can be sent through the tunnel. To specify the computers or users that are authorized to send traffic through the tunnel, follow these steps:</maml:para>
<maml:procedure><maml:title>To specify users and computers authorized to send network traffic through the tunnel</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, in the navigation pane, select <maml:ui>Windows Firewall with Advanced Security</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In <maml:ui>Overview</maml:ui>, click <maml:ui>Windows Firewall Properties</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Select the <maml:ui>IPsec Settings</maml:ui> tab.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In <maml:ui>IPsec tunnel authorization</maml:ui>, click <maml:ui>Advanced</maml:ui>, and then click <maml:ui>Customize</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Add users and computers to the lists according to your design. For more information, see <maml:navigationLink><maml:linkText>Dialog Box: Customize IPsec Tunnel Authorization</maml:linkText><maml:uri href="mshelp://windows/?id=f637c2d4-a8aa-4e7a-b437-86b8e3accc7f"></maml:uri></maml:navigationLink>.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction></maml:section>

<maml:section><maml:title>Exempt IPsec protected connections</maml:title><maml:introduction>
<maml:para>Sometimes a network packet might match more than one connection security rule. If one of the rules establishes an IPsec tunnel, you can choose whether to use the tunnel or send the packet outside of the tunnel, protected by the other rule. Select this option to specify that network traffic that matches another IPsec connection security rule does not go through the IPsec tunnel.</maml:para>
</maml:introduction></maml:section>

<maml:section><maml:title>Local tunnel endpoint (closest to Endpoint 1)</maml:title><maml:introduction>
<maml:para>Use this option to identify the computer that terminates the tunnel at the end closest to the computers in Endpoint 1. Click <maml:ui>Edit</maml:ui> to enter an Internet Protocol version 4 (IPv4) address, Internet Protocol version 6 (IPv6) address, or both.</maml:para>
<maml:alertSet class="important"><maml:title>Important </maml:title><maml:para>You must be consistent in the version of IP you specify for the addresses in a tunnel. If you specify IPv4 addresses, then do so for both tunnel endpoints and for Endpoint 1 and Endpoint 2. You can specify both IPv4 and IPv6, but you must then specify both versions for both tunnel endpoints and for Endpoint 1 and Endpoint 2.</maml:para></maml:alertSet>
</maml:introduction></maml:section>

<maml:section><maml:title>Remote tunnel endpoint (closest to Endpoint 2)</maml:title><maml:introduction>
<maml:para>Use this option to identify the computer that terminates the tunnel at the end closest to the computers in Endpoint 2. Click <maml:ui>Edit</maml:ui> to enter an IPv4 address, IPv6 address, or both.</maml:para>
<maml:alertSet class="important"><maml:title>Important </maml:title><maml:para>You must be consistent in the version of IP you specify for the addresses in a tunnel. If you specify IPv4 addresses, then do so for both tunnel endpoints and for Endpoint 1 and Endpoint 2. You can specify both IPv4 and IPv6, but you must then specify both versions for both tunnel endpoints and for Endpoint 1 and Endpoint 2.</maml:para></maml:alertSet>
<maml:para>For information about IPsec tunneling, see <maml:navigationLink><maml:linkText>Connection Security Rule Wizard: Tunnel Type Page</maml:linkText><maml:uri href="mshelp://windows/?id=710fa446-c600-4691-ae28-37a9824fb95d"></maml:uri></maml:navigationLink>.</maml:para></maml:introduction></maml:section>

</maml:sections>
</maml:section></maml:sections></maml:content><maml:relatedLinks type="seeAlso"><maml:title>See Also</maml:title><maml:navigationLink><maml:linkText>User Interface: Windows Firewall with Advanced Security</maml:linkText><maml:uri href="mshelp://windows/?id=c243c092-48c6-4073-9b19-b9c98c931582"></maml:uri></maml:navigationLink></maml:relatedLinks></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Dialog Box: Add Security Method</maml:title><maml:introduction>
<maml:para>Use this dialog box to configure a security method offer that is available when negotiating main mode security associations. You must specify the integrity, encryption, and key exchange algorithm.</maml:para>
<maml:procedure><maml:title>How to get to this dialog box</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>On the Windows Firewall with Advanced Security MMC snap-in page, in <maml:ui>Overview</maml:ui>, click <maml:ui>Windows Firewall Properties</maml:ui>. </maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Click the <maml:ui>IPsec Settings</maml:ui> tab. </maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Under <maml:ui>IPsec defaults</maml:ui>, click <maml:ui>Customize</maml:ui>. </maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Under <maml:ui>Key exchange (Main Mode)</maml:ui>, select <maml:ui>Advanced</maml:ui>, and then click <maml:ui>Customize</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Under <maml:ui>Security methods</maml:ui>, select an algorithm combination from the list, and click <maml:ui>Edit</maml:ui> or <maml:ui>Add</maml:ui>.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>

</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Integrity algorithm</maml:title><maml:introduction>
<maml:para>Select one of the following integrity algorithms from the list.</maml:para>
<maml:list class="unordered">
<maml:listItem><maml:para>SHA-384</maml:para></maml:listItem>
<maml:listItem><maml:para>SHA-256</maml:para></maml:listItem>
<maml:listItem><maml:para>SHA-1</maml:para></maml:listItem>
<maml:listItem><maml:para>MD5</maml:para>
<maml:alertSet class="caution"><maml:title>Caution </maml:title><maml:para>MD5 is no longer considered secure and should only be used for testing purposes or in cases in which the remote computer cannot use a more secure algorithm. It is included for backward compatibility only.</maml:para></maml:alertSet></maml:listItem>
</maml:list>
</maml:introduction></maml:section><maml:section><maml:title>Encryption algorithm</maml:title><maml:introduction>
<maml:para>Select one of the following encryption algorithms from the list.</maml:para>
<maml:list class="unordered">
<maml:listItem><maml:para>AES-CBC 256</maml:para></maml:listItem>
<maml:listItem><maml:para>AES-CBC-192</maml:para></maml:listItem>
<maml:listItem><maml:para>AES-CBC-128</maml:para></maml:listItem>
<maml:listItem><maml:para>3DES</maml:para></maml:listItem>
<maml:listItem><maml:para>DES</maml:para>
<maml:alertSet class="caution"><maml:title>Caution </maml:title><maml:para>DES is no longer considered secure and should only be used for testing purposes or in cases in which the remote computer cannot use a more secure algorithm. It is included for backward compatibility only.</maml:para></maml:alertSet></maml:listItem>
</maml:list>
</maml:introduction></maml:section><maml:section><maml:title>Key exchange algorithm</maml:title><maml:introduction>
<maml:para>Select one of the following key exchange algorithms from the list.</maml:para>
<maml:list class="unordered">
<maml:listItem><maml:para>Elliptic Curve Diffie-Hellman P-384</maml:para></maml:listItem>
<maml:listItem><maml:para>Elliptic Curve Diffie-Hellman P-256</maml:para></maml:listItem>
<maml:listItem><maml:para>Diffie-Hellman Group 14</maml:para></maml:listItem>
<maml:listItem><maml:para>Diffie-Hellman Group 2</maml:para></maml:listItem>
<maml:listItem><maml:para>Diffie-Hellman Group 1</maml:para>
<maml:alertSet class="caution"><maml:title>Caution </maml:title><maml:para>DH1 is no longer considered secure and should only be used for testing purposes or in cases in which the remote computer cannot use a more secure algorithm. It is included for backward compatibility only.</maml:para></maml:alertSet></maml:listItem>
</maml:list>
<maml:para>For more information about any of these algorithms, see <maml:navigationLink><maml:linkText>IPsec Algorithms and Methods Supported in Windows</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?linkid=129230"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?linkid=129230).</maml:para></maml:introduction></maml:section></maml:sections></maml:content><maml:relatedLinks type="seeAlso"><maml:title>See Also</maml:title><maml:navigationLink><maml:linkText>User Interface: Windows Firewall with Advanced Security</maml:linkText><maml:uri href="mshelp://windows/?id=c243c092-48c6-4073-9b19-b9c98c931582"></maml:uri></maml:navigationLink></maml:relatedLinks></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Connection Security Rule Wizard: Authentication Method Page</maml:title><maml:introduction>
<maml:para>Use these settings to configure the type of authentication used by this connection security rule. </maml:para>
<maml:alertSet class="note"><maml:title>Note </maml:title><maml:para>Not all of the authentication methods listed here are available for all connection security rule types. The authentication methods available for the rule type are displayed on the <maml:ui>Authentication Method</maml:ui> page of the New Connection Security Rule Wizard and on the <maml:ui>Authentication</maml:ui> tab on the <maml:ui>Connection Security Rule Properties</maml:ui> page.</maml:para></maml:alertSet>
<maml:para>For more information about the authentication methods, see <maml:navigationLink><maml:linkText>IPsec Algorithms and Methods Supported in Windows</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?linkid=129230"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?linkid=129230).</maml:para>

<maml:procedure><maml:title>To get to this wizard page</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, right-click <maml:ui>Connection Security Rules</maml:ui>, and then click <maml:ui>New Rule</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Click <maml:ui>Next</maml:ui> until you reach the <maml:ui>Authentication Method</maml:ui> page.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Default</maml:title><maml:introduction>
<maml:para>This option is available only when you specify an <maml:ui>Isolation</maml:ui> or <maml:ui>Custom</maml:ui> rule type.</maml:para>
<maml:para>Select this option to use the authentication method currently displayed on the <maml:ui>Windows Firewall with Advanced Security Properties</maml:ui> dialog box, on the <maml:ui>IPsec Settings</maml:ui> tab, under <maml:ui>Authentication Method</maml:ui>. For more information about customizing the default options, see <maml:navigationLink><maml:linkText>Dialog Box: Customize IPsec Settings</maml:linkText><maml:uri href="mshelp://windows/?id=66011489-1eee-4986-9373-565e557db23b"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Computer and user (Kerberos V5)</maml:title><maml:introduction>
<maml:para>This option is available only when you specify an <maml:ui>Isolation</maml:ui> or <maml:ui>Custom</maml:ui> rule type.</maml:para>
<maml:para>Select this option to use both computer and user authentication with the Kerberos version 5 protocol. It is equivalent to selecting <maml:ui>Advanced</maml:ui>, adding <maml:ui>Computer (Kerberos V5)</maml:ui> for first authentication and <maml:ui>User (Kerberos V5)</maml:ui> for second authentication, and then clearing both <maml:ui>First authentication is optional</maml:ui> and <maml:ui>Second authentication is optional</maml:ui>.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Computer (Kerberos V5)</maml:title><maml:introduction>
<maml:para>This option is available only when you specify an <maml:ui>Isolation</maml:ui> or <maml:ui>Custom</maml:ui> rule type.</maml:para>
<maml:para>Select this option to use computer authentication with the Kerberos version 5 protocol. It is equivalent to selecting <maml:ui>Advanced</maml:ui>, adding <maml:ui>Computer (Kerberos V5)</maml:ui> for first authentication, and then selecting <maml:ui>Second authentication is optional</maml:ui>.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Computer certificate</maml:title><maml:introduction>
<maml:para>This option is available only when you specify a <maml:ui>Server-to-server</maml:ui> or <maml:ui>Tunnel</maml:ui> rule type.</maml:para>
<maml:para>Select this option to use computer authentication based on a computer certificate. It is equivalent to selecting <maml:ui>Advanced</maml:ui>, adding <maml:ui>Computer certificate</maml:ui> for first authentication, and then selecting <maml:ui>Second authentication is optional</maml:ui>.</maml:para>
</maml:introduction>

<maml:sections>
<maml:section><maml:title>Signing algorithm</maml:title><maml:introduction>
<maml:para>Specify the signing algorithm used to cryptographically secure the certificate.</maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title>RSA (default)</maml:title><maml:introduction>
<maml:para>Select this option if the certificate is signed by using the RSA public-key cryptography algorithm.</maml:para>
</maml:introduction></maml:section>
<maml:section><maml:title>ECDSA-P256</maml:title><maml:introduction>
<maml:para>Select this option if the certificate is signed by using the Elliptic Curve Digital Signature Algorithm (ECDSA) with 256-bit key strength.</maml:para>
</maml:introduction></maml:section>
<maml:section><maml:title>ECDSA-P384</maml:title><maml:introduction>
<maml:para>Select this option if the certificate is signed by using ECDSA with 384-bit key strength.</maml:para>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>

<maml:section><maml:title>Certificate store type</maml:title><maml:introduction>
<maml:para>Specify the type of certificate by identifying the store in which the certificate is located.</maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title>Root CA (default)</maml:title><maml:introduction>
<maml:para>Select this option if the certificate was issued by a root certification authority (CA) and is stored in the local computer’s Trusted Root Certification Authorities certificate store.</maml:para>
</maml:introduction></maml:section>
<maml:section><maml:title>Intermediate CA</maml:title><maml:introduction>
<maml:para>Select this option if the certificate was issued by an intermediate CA and is stored in the local computer’s Intermediate Certification Authorities certificate store.</maml:para>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>

<maml:section><maml:title>Accept only health certificates</maml:title><maml:introduction>
<maml:para>This option restricts the use of computer certificates to those that are marked as health certificates. Health certificates are published by a CA in support of a Network Access Protection (NAP) deployment. NAP lets you define and enforce health policies so that computers that do not comply with network requirements, such as computers without antivirus software or those that do not have the latest software updates, are less likely to access your network. To implement NAP, you need to configure NAP settings on both server and client computers. NAP Client Management, a Microsoft Management Console (MMC) snap-in, helps you configure NAP settings on your client computers. For more information, see the NAP MMC snap-in Help. To use this option, you must have a NAP server set up in the domain.</maml:para>
</maml:introduction></maml:section>
</maml:sections>

</maml:section><maml:section><maml:title>Advanced</maml:title><maml:introduction>
<maml:para>This option is available when you specify any rule type.</maml:para>
<maml:para>Select this option to configure any available authentication method. You must then click <maml:ui>Customize</maml:ui> and specify a list of methods for both first authentication and second authentication. For more information, see <maml:navigationLink><maml:linkText>Dialog Box: Customize Advanced Authentication Methods</maml:linkText><maml:uri href="mshelp://windows/?id=f19cbe6e-7235-4613-90d0-6f7a3e8a6093"></maml:uri></maml:navigationLink>, <maml:navigationLink><maml:linkText>Dialog Box: Add or Edit First Authentication Method</maml:linkText><maml:uri href="mshelp://windows/?id=f9172bb1-6c9e-4e09-a1cb-6e6912459aee"></maml:uri></maml:navigationLink>, and <maml:navigationLink><maml:linkText>Dialog Box: Add or Edit Second Authentication Method</maml:linkText><maml:uri href="mshelp://windows/?id=dd07bae3-3af0-469b-adc8-84f78f4169e8"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>How to change these settings</maml:title><maml:introduction>
<maml:para>After you create the connection security rule, you can change these settings in the <maml:ui>Connection Security Rule Properties</maml:ui> dialog box. This dialog box opens when you double-click a rule in <maml:ui>Connection Security Rules</maml:ui>. To change the authentication methods used by this rule, select the <maml:ui>Authentication</maml:ui> tab. </maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Connection Security Rule Wizard</maml:linkText><maml:uri href="mshelp://windows/?id=2318ec3c-e196-4a43-9d79-70ca7c52194a"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
</maml:list>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Monitor Firewall Rules - Advanced</maml:title><maml:introduction>
<maml:para>This tab displays information about authenticated users and computers whose network traffic is affected by this rule. This tab should be used only when the action for the rule is set to <maml:ui>Allow if secure</maml:ui>.</maml:para>

<maml:procedure><maml:title>To get to this tab</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, expand <maml:ui>Monitoring</maml:ui>, and then expand <maml:ui>Firewall</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Double-click the firewall rule you want to examine, and then click the <maml:ui>Advanced</maml:ui> tab.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Authorized users and computers</maml:title><maml:introduction>
<maml:para>This is a list of the users or groups of users authorized by this rule, as configured on the <maml:ui>Users</maml:ui> and <maml:ui>Computers</maml:ui> tabs of the <maml:ui>Firewall Rule Properties</maml:ui> dialog box.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Excepted users and computers</maml:title><maml:introduction>
<maml:para>This is a list of the users or groups of users who are not subject to this rule, as configured on the <maml:ui>Users</maml:ui> and <maml:ui>Computers</maml:ui> tabs of the <maml:ui>Firewall Rule Properties</maml:ui> dialog box. If a user or computer appears under both <maml:ui>Authorized</maml:ui> and <maml:ui>Excepted</maml:ui>, the exception takes priority, and the network traffic from that user or computer is not subject to this rule.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Interface types</maml:title><maml:introduction>
<maml:para>This is a list of the network interface types to which this rule applies (<maml:ui>Local area network</maml:ui>, <maml:ui>Remote access</maml:ui>, <maml:ui>Wireless</maml:ui>, or <maml:ui>All interface types</maml:ui>), as configured on the <maml:ui>Advanced</maml:ui> tab of the <maml:ui>Firewall Rule Properties</maml:ui> dialog box.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Edge traversal</maml:title><maml:introduction>
<maml:para>This indicates whether edge traversal is enabled (<maml:ui>Allow edge traversal</maml:ui>) or disabled (<maml:ui>Block edge traversal</maml:ui>). The <maml:ui>Defer to user</maml:ui> and <maml:ui>Defer to application</maml:ui> options are used to indicate that the user or application must make the decision to allow unsolicited traffic from the Internet through a network address translation (NAT) edge device. When edge traversal is enabled, the application, service, or port to which the rule applies is globally addressable and accessible from outside a NAT edge device. This setting is configured on the <maml:ui>Advanced</maml:ui> tab of the <maml:ui>Firewall Rule Properties</maml:ui> dialog box.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Monitored Firewall Rules Properties Page</maml:linkText><maml:uri href="mshelp://windows/?id=20b3aba6-884a-4ef9-8ea7-914e4cd735d9"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Connection Security Rule Properties Page: Protocols and Ports Tab</maml:title><maml:introduction>
<maml:para>Use this tab of the <maml:ui>Connection Security Rule Properties</maml:ui> dialog box to specify which protocols and ports in a network packet match this connection security rule. Only network traffic that matches both the criteria on this tab and the endpoints on the <maml:ui>Computers</maml:ui> tab matches the rule and is subject to its authentication requirements.</maml:para>

<maml:procedure><maml:title>To get to this tab</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, click <maml:ui>Connection Security Rules</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Right-click the rule that you want to modify, and then click <maml:ui>Properties</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Click the <maml:ui>Protocols and Ports</maml:ui> tab.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Protocol type</maml:title><maml:introduction>
<maml:para>Select the protocol whose network traffic will be protected by this connection security rule. If the protocol you want is not in the list, select <maml:ui>Custom</maml:ui>, and type the protocol number in <maml:ui>Protocol number</maml:ui>.</maml:para>
<maml:para>If you choose TCP or UDP in the list, then you can specify the TCP or UDP port numbers in <maml:ui>Endpoint 1 port</maml:ui> and <maml:ui>Endpoint 2 port</maml:ui>.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Protocol number</maml:title><maml:introduction>
<maml:para>When you select a protocol type, the corresponding protocol identification number is automatically displayed in <maml:ui>Protocol number</maml:ui> and is read-only. If you select <maml:ui>Custom</maml:ui> for <maml:ui>Protocol type</maml:ui>, then type the protocol identification number in <maml:ui>Protocol number</maml:ui>.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Endpoint 1 port</maml:title><maml:introduction>
<maml:para>This option is available only if the protocol is set to TCP or UDP. Use this option to specify the port number used by the computer that is part of Endpoint 1. If you select <maml:ui>All ports</maml:ui>, then all network traffic for the protocol you selected matches this connection security rule. If you select <maml:ui>Specific Ports</maml:ui>, then you can type the port numbers in the box under the list. Separate port numbers with commas.</maml:para>
<maml:alertSet class="note"><maml:title>Notes </maml:title><maml:alert>If this rule has <maml:ui>Do not authenticate</maml:ui> on the <maml:ui>Authentication</maml:ui> tab, then you can type port numbers in a range by separating the low and high values with a hyphen, as shown:</maml:alert><maml:alert><maml:userInput>80, 445, 5000-5010</maml:userInput></maml:alert></maml:alertSet>
</maml:introduction></maml:section><maml:section><maml:title>Endpoint 2 port</maml:title><maml:introduction>
<maml:para>This option is available only if the protocol is set to TCP or UDP. Use this option to specify the port number used by the computer that is part of Endpoint 2. If you select <maml:ui>All ports</maml:ui>, then all network traffic for the protocol you selected matches this connection security rule. If you select <maml:ui>Specific Ports</maml:ui>, then you can type the port numbers in the box under the list. Separate port numbers with commas.</maml:para>
<maml:alertSet class="note"><maml:title>Notes </maml:title><maml:alert>If this rule has <maml:ui>Do not authenticate</maml:ui> on the <maml:ui>Authentication</maml:ui> tab, then you can type port numbers in a range by separating the low and high values with a hyphen, as shown:</maml:alert><maml:alert><maml:userInput>80, 445, 5000-5010</maml:userInput></maml:alert></maml:alertSet>
</maml:introduction></maml:section><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Connection Security Rule Properties Page</maml:linkText><maml:uri href="mshelp://windows/?id=101488a1-9f62-4797-9330-4937c888e371"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Firewall Rule Wizard: Rule Type Page</maml:title><maml:introduction>
<maml:para>Windows Firewall with Advanced Security provides four basic types of firewall rules. By using one of these firewall rule types, you can create exceptions to explicitly allow or explicitly deny a connection through Windows Firewall. The same wizard and property pages are used to create both inbound and outbound rules. The choice you make on this page determines which pages are displayed by the Firewall Rule Wizard.</maml:para>
<maml:para>You can change the settings for any firewall rule after you create it. To make these changes, right-click the firewall rule in the results pane, and then select <maml:ui>Properties</maml:ui>.</maml:para>
<maml:procedure><maml:title>To get to this wizard page</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, right-click <maml:ui>Inbound Rules</maml:ui> or <maml:ui>Outbound Rules</maml:ui>, and then click <maml:ui>New Rule</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>The <maml:ui>Rule Type</maml:ui> page is displayed.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Program</maml:title><maml:introduction>
<maml:para>Use this type of firewall rule to allow a connection based on the program that is trying to connect. This is an easy way to allow connections for Microsoft Outlook or other programs. It is also useful if you are not sure of the port or other settings required to allow access. You only need to specify the path to the program executable (.exe) file. </maml:para>
<maml:para>By default, the program is allowed to accept connections on any port. To restrict a program rule to allow traffic on specified port numbers only, after you create the rule, use the <maml:ui>Protocols and Ports</maml:ui> tab to change the rule properties.</maml:para>
</maml:introduction></maml:section><maml:section>
<maml:title>Port</maml:title><maml:introduction>
<maml:para>Use this type of firewall rule to allow a connection based on the TCP or UDP port number over which the computer is trying to connect. You can specify the protocol (either TCP or UDP) and the local ports. You can specify more than one port number.</maml:para>
<maml:para>By default, any program currently running on the computer can accept network traffic on a port opened with this type of rule. To restrict the open port to a specified program only, after you create the rule, use the <maml:ui>Programs and Services</maml:ui> tab to change the rule properties.</maml:para>
</maml:introduction></maml:section><maml:section>
<maml:title>Predefined</maml:title><maml:introduction>
<maml:para>Use this type of firewall rule to allow a connection by selecting one of the programs or services from the list. Most of the well-known services and programs available on computers running this version of Windows appear in this list. Network programs that you install typically add their own entries to this list so that you can enable and disable them as a group.</maml:para>
</maml:introduction></maml:section><maml:section>
<maml:title>Custom</maml:title><maml:introduction>
<maml:para>Use this type of firewall rule to create a firewall rule that you can configure to allow a connection based on criteria not covered by the other types of firewall rules.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Firewall Rule Wizard</maml:linkText><maml:uri href="mshelp://windows/?id=5886c961-2f7a-46f9-928b-2b906f2c354a"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Dialog Box: Add or Edit Second Authentication Method</maml:title><maml:introduction>
<maml:para>Use these settings to specify the way in which the user account on the peer computer is authenticated. You can also specify that the computer must have a computer health certificate. The second authentication method is performed by Authenticated IP (AuthIP) in an extended mode of the main mode phase of Internet Protocol security (IPsec) negotiations. </maml:para>
<maml:para>You can specify multiple methods to use for this authentication. The methods are attempted in the order you specify. The first successful method is used.</maml:para>
<maml:para>For more information about the authentication methods available in this dialog box, see <maml:navigationLink><maml:linkText>IPsec Algorithms and Methods Supported in Windows</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?linkid=129230"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?linkid=129230).</maml:para>

<maml:procedure><maml:title>To get to this dialog box</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>When modifying the system-wide default settings:</maml:para>
<maml:list class="ordered">
<maml:listItem><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, in the navigation pane, click <maml:ui>Windows Firewall with Advanced Security</maml:ui>, and then in <maml:ui>Overview</maml:ui>, click <maml:ui>Windows Firewall Properties</maml:ui>.</maml:para></maml:listItem>
<maml:listItem><maml:para>Click the <maml:ui>IPsec Settings</maml:ui> tab, and then under <maml:ui>IPsec defaults</maml:ui>, click <maml:ui>Customize</maml:ui>.</maml:para></maml:listItem>
<maml:listItem><maml:para>Under <maml:ui>Authentication Method</maml:ui>, select <maml:ui>Advanced</maml:ui>, and then click <maml:ui>Customize</maml:ui>.</maml:para></maml:listItem>
<maml:listItem><maml:para>Under <maml:ui>Second authentication</maml:ui>, select a method, and then click <maml:ui>Edit</maml:ui> or <maml:ui>Add</maml:ui>.</maml:para></maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>When creating a new connection security rule:</maml:para>
<maml:list class="ordered">
<maml:listItem><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, in the navigation pane, right-click <maml:ui>Connection Security Rules</maml:ui>, and then click <maml:ui>New Rule</maml:ui>.</maml:para></maml:listItem>
<maml:listItem><maml:para>On the <maml:ui>Rule Type</maml:ui> page, select any type except <maml:ui>Authentication exemption</maml:ui>.</maml:para></maml:listItem>
<maml:listItem><maml:para>On the <maml:ui>Authentication Method</maml:ui> page, select <maml:ui>Advanced</maml:ui>, and then click <maml:ui>Customize</maml:ui>.</maml:para></maml:listItem>
<maml:listItem><maml:para>Under <maml:ui>Second authentication</maml:ui>, select a method, and then click <maml:ui>Edit</maml:ui> or <maml:ui>Add</maml:ui>.</maml:para></maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>When modifying an existing security rule:</maml:para>
<maml:list class="ordered">
<maml:listItem><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, in the navigation pane, click <maml:ui>Connection Security Rules</maml:ui>.</maml:para></maml:listItem>
<maml:listItem><maml:para>Double-click the connection security rule that you want to modify.</maml:para></maml:listItem>
<maml:listItem><maml:para>Click the <maml:ui>Authentication</maml:ui> tab.</maml:para></maml:listItem>
<maml:listItem><maml:para>Under <maml:ui>Method</maml:ui>, click <maml:ui>Advanced</maml:ui>, and then click <maml:ui>Customize</maml:ui>.</maml:para></maml:listItem>
<maml:listItem><maml:para>Under <maml:ui>Second authentication</maml:ui>, select a method, and then click <maml:ui>Edit</maml:ui> or <maml:ui>Add</maml:ui>.</maml:para></maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>User (Kerberos V5)</maml:title><maml:introduction>
<maml:para>You can use this method to authenticate a user logged on to a remote computer that is part of the same domain or in separate domains that have a trust relationship. The logged-on user must have a domain account and the computer must be joined to a domain in the same forest.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>User (NTLMv2)</maml:title><maml:introduction>
<maml:para>NTLMv2 is an alternative way to authenticate a user logged on to a remote computer that is part of the same domain or in a domain that has a trust relationship to the domain of the local computer. The user account and the computer must be joined to domains that are part of the same forest.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>User certificate</maml:title><maml:introduction>
<maml:para>Use a public key certificate in situations that include external business partner communications or computers that do not run the Kerberos version 5 authentication protocol. This requires that at least one trusted root certification authority (CA) is configured on or accessible through your network and that client computers have an associated computer certificate. This method is useful when the users are not in the same domain or are in separate domains without a two-way trust relationship, and Kerberos version 5 cannot be used.</maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title>Signing algorithm</maml:title><maml:introduction>
<maml:para>Specify the signing algorithm used to cryptographically secure the certificate.</maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title>RSA (default)</maml:title><maml:introduction>
<maml:para>Select this option if the certificate is signed by using the RSA public-key cryptography algorithm.</maml:para>
</maml:introduction></maml:section>
<maml:section><maml:title>ECDSA-P256</maml:title><maml:introduction>
<maml:para>Select this option if the certificate is signed by using the Elliptic Curve Digital Signature Algorithm (ECDSA) with 256-bit key strength.</maml:para>
</maml:introduction></maml:section>
<maml:section><maml:title>ECDSA-P384</maml:title><maml:introduction>
<maml:para>Select this option if the certificate is signed by using ECDSA with 384-bit key strength.</maml:para>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>

<maml:section><maml:title>Certificate store type</maml:title><maml:introduction>
<maml:para>Specify the type of certificate by identifying the store in which the certificate is located.</maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title>Root CA (default)</maml:title><maml:introduction>
<maml:para>Select this option if the certificate was issued by a root CA and is stored in the local computer’s Trusted Root Certification Authorities certificate store.</maml:para>
</maml:introduction></maml:section>
<maml:section><maml:title>Intermediate CA</maml:title><maml:introduction>
<maml:para>Select this option if the certificate was issued by an intermediate CA and is stored in the local computer’s Intermediate Certification Authorities certificate store.</maml:para>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>

<maml:section><maml:title>Enable certificate to account mapping</maml:title><maml:introduction>
<maml:para>When you enable IPsec certificate-to-account mapping, the Internet Key Exchange (IKE) and AuthIP protocols associate (map) a user certificate to a user account in an Active Directory domain or forest, and then retrieve an access token, which includes the list of user security groups. This process ensures that the certificate offered by the IPsec peer corresponds to an active user account in the domain, and that the certificate is one that should be used by that user.</maml:para>
<maml:para>Certificate-to-account mapping can only be used for user accounts that are in the same forest as the computer performing the mapping. This provides much stronger authentication than simply accepting any valid certificate chain. For example, you can use this capability to restrict access to users who are within the same forest. Certificate-to-account mapping, however, does not ensure that a specific trusted user is being allowed IPsec access.</maml:para>
<maml:para>Certificate-to-account mapping is especially useful if the certificates come from a public key infrastructure (PKI) that is not integrated with your Active Directory Domain Services (AD DS) deployment, such as if business partners obtain their certificates from non-Microsoft providers. You can configure the IPsec policy authentication method to map certificates to a domain user account for a specific root CA. You can also map all certificates from an issuing CA to one user account. This allows certificate authentication to be used to limit which forests are allowed IPsec access in an environment where many forests exist and each performs autoenrollment under a single internal root CA. If the certificate-to-account mapping process is not completed properly, authentication will fail and IPsec-protected connections will be blocked.</maml:para>
</maml:introduction></maml:section>
</maml:sections>
</maml:section><maml:section><maml:title>Computer health certificate</maml:title><maml:introduction>
<maml:para>Use this option to specify that only a computer that presents a certificate from the specified CA and that is marked as a Network Access Protection (NAP) health certificate can authenticate by using this connection security rule. NAP lets you define and enforce health policies so that computers that do not comply with network policies, such as computers without antivirus software or those that do not have the latest software updates, are less likely to access your network. To implement NAP, you need to configure NAP settings on both server and client computers. For more information, see the NAP MMC snap-in Help. To use this method, you must have a NAP server set up in the domain.</maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title>Signing algorithm</maml:title><maml:introduction>
<maml:para>Specify the signing algorithm used to cryptographically secure the certificate.</maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title>RSA (default)</maml:title><maml:introduction>
<maml:para>Select this option if the certificate is signed by using the RSA public-key cryptography algorithm.</maml:para>
</maml:introduction></maml:section>
<maml:section><maml:title>ECDSA-P256</maml:title><maml:introduction>
<maml:para>Select this option if the certificate is signed by using the Elliptic Curve Digital Signature Algorithm (ECDSA) with 256-bit key strength.</maml:para>
</maml:introduction></maml:section>
<maml:section><maml:title>ECDSA-P384</maml:title><maml:introduction>
<maml:para>Select this option if the certificate is signed by using ECDSA with 384-bit key strength.</maml:para>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>

<maml:section><maml:title>Certificate store type</maml:title><maml:introduction>
<maml:para>Specify the type of certificate by identifying the store in which the certificate is located.</maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title>Root CA (default)</maml:title><maml:introduction>
<maml:para>Select this option if the certificate was issued by a root CA and is stored in the local computer’s Trusted Root Certification Authorities certificate store.</maml:para>
</maml:introduction></maml:section>
<maml:section><maml:title>Intermediate CA</maml:title><maml:introduction>
<maml:para>Select this option if the certificate was issued by an intermediate CA and is stored in the local computer’s Intermediate Certification Authorities certificate store.</maml:para>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>

<maml:section><maml:title>Enable certificate to account mapping</maml:title><maml:introduction>
<maml:para>When you enable IPsec certificate-to-account mapping, the IKE and AuthIP protocols associate (map) a certificate to a user or computer account in an Active Directory domain or forest, and then retrieve an access token, which includes the list of security groups. This process ensures that the certificate offered by the IPsec peer corresponds to an active computer or user account in the domain, and that the certificate is one that should be used by that account.</maml:para>
<maml:para>Certificate-to-account mapping can only be used for accounts that are in the same forest as the computer performing the mapping. This provides much stronger authentication than simply accepting any valid certificate chain. For example, you can use this capability to restrict access to accounts that are within the same forest. Certificate-to-account mapping, however, does not by itself ensure that only a specific trusted account is allowed IPsec access; it confirms only that the certificate maps to an active account in the domain or forest.</maml:para>
<maml:para>Certificate-to-account mapping is especially useful if the certificates come from a PKI that is not integrated with your AD DS deployment, for example, when business partners obtain their certificates from non-Microsoft certificate providers. You can configure the IPsec policy authentication method to map certificates to a domain account for a specific root CA. You can also map all certificates from an issuing CA to one computer or user account. This allows IKE certificate authentication to be used to limit which forests are allowed IPsec access in an environment where many forests exist and each performs autoenrollment under a single internal root CA. If the certificate-to-account mapping process is not completed properly, authentication will fail and IPsec-protected connections will be blocked.</maml:para>
</maml:introduction></maml:section>
</maml:sections>
</maml:section><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>User Interface: Windows Firewall with Advanced Security</maml:linkText><maml:uri href="mshelp://windows/?id=c243c092-48c6-4073-9b19-b9c98c931582"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Understanding Connection Security Rules</maml:title><maml:introduction><maml:para>Connection security involves the authentication of two computers before they begin communications and the securing of information sent between two computers. Windows Firewall with Advanced Security uses Internet Protocol security (IPsec) to achieve connection security by using key exchange, authentication, data integrity, and, optionally, data encryption. </maml:para>
<maml:alertSet class="note"><maml:title>Note </maml:title><maml:para>Unlike firewall rules, which operate unilaterally, connection security rules require that both communicating computers have a policy with connection security rules or another compatible IPsec policy.</maml:para></maml:alertSet>
<maml:para>Connection security rules use IPsec to secure traffic while it crosses the network. You use connection security rules to specify that connections between two computers must be authenticated or encrypted. You might still have to create a firewall rule to allow network traffic protected by a connection security rule.</maml:para>

<maml:para>For more information, see <maml:navigationLink><maml:linkText>Understanding Connection Security Rules</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?linkid=137809"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?linkid=137809) in the TechNet Library.</maml:para>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Connection Security Rule Wizard: Protocols and Ports Page</maml:title><maml:introduction>
<maml:para>Use this wizard page to specify which protocol and which port or ports specified in a network packet match this connection security rule. Only network traffic that matches the criteria on both this page and the <maml:ui>Endpoints</maml:ui> page matches the rule and is subject to its authentication requirements.</maml:para>
<maml:procedure><maml:title>To get to this wizard page</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, right-click <maml:ui>Connection Security Rules</maml:ui>, and then click <maml:ui>New Rule</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>On the <maml:ui>Rule Type</maml:ui> page, select <maml:ui>Custom</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In <maml:ui>Steps</maml:ui>, click <maml:ui>Protocol and Ports</maml:ui>.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Protocol type</maml:title><maml:introduction>
<maml:para>Select the protocol whose network traffic you want protected by this connection security rule. If the protocol you want is not in the list, select <maml:ui>Custom</maml:ui>, and then type the protocol number in <maml:ui>Protocol number</maml:ui>.</maml:para>
<maml:para>If you choose TCP or UDP from the list, then you can type the TCP or UDP port numbers in <maml:ui>Endpoint 1 port</maml:ui> and <maml:ui>Endpoint 2 port</maml:ui>.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Protocol number</maml:title><maml:introduction>
<maml:para>When you select a protocol type, the corresponding protocol identification number is automatically displayed in <maml:ui>Protocol number</maml:ui> and is read-only. If you select <maml:ui>Custom</maml:ui> for protocol type, then you must type the protocol identification number in <maml:ui>Protocol number</maml:ui>.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Endpoint 1 port</maml:title><maml:introduction>
<maml:para>This option is available only if the protocol is set to TCP or UDP. Use this option to specify the port number used by the computer that is part of Endpoint 1. If you select <maml:ui>All ports</maml:ui>, then all network traffic for the protocol you selected matches this connection security rule. If you select <maml:ui>Specific Ports</maml:ui>, then you can type the port numbers in the box under the list. Separate port numbers with commas.</maml:para>

<maml:alertSet class="note"><maml:title>Notes </maml:title><maml:alert>If the <maml:ui>Do not authenticate</maml:ui> option on the <maml:ui>Requirements</maml:ui> page has been selected for this rule, then you can type port numbers in a range by separating the low and high values with a hyphen, as shown:</maml:alert><maml:alert><maml:userInput>80, 445, 5000-5010</maml:userInput></maml:alert></maml:alertSet>
</maml:introduction></maml:section><maml:section><maml:title>Endpoint 2 port</maml:title><maml:introduction>
<maml:para>This option is available only if the protocol is set to TCP or UDP. Use this option to specify the port number used by the computer that is part of Endpoint 2. If you select <maml:ui>All ports</maml:ui>, then all network traffic for the protocol you selected matches this connection security rule. If you select <maml:ui>Specific Ports</maml:ui>, then you can type the port numbers in the box under the list. Separate port numbers with commas.</maml:para>
<maml:alertSet class="note"><maml:title>Notes </maml:title><maml:alert>If the <maml:ui>Do not authenticate</maml:ui> option on the <maml:ui>Requirements</maml:ui> page has been selected for this rule, then you can type port numbers in a range by separating the low and high values with a hyphen, as shown:</maml:alert><maml:alert><maml:userInput>80, 445, 5000-5010</maml:userInput></maml:alert></maml:alertSet>

</maml:introduction></maml:section><maml:section><maml:title>How to change these settings</maml:title><maml:introduction>
<maml:para>After you create the connection security rule, you can change these settings in the <maml:ui>Connection Security Rule Properties</maml:ui> dialog box. This dialog box opens when you double-click a rule in <maml:ui>Connection Security Rules</maml:ui>. To change the protocols and port numbers, click the <maml:ui>Protocols and Ports</maml:ui> tab.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Connection Security Rule Wizard</maml:linkText><maml:uri href="mshelp://windows/?id=2318ec3c-e196-4a43-9d79-70ca7c52194a"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Connection Security Rule Properties Page: Advanced Tab</maml:title><maml:introduction>
<maml:para>Use the settings on this tab to select the network profile and interface types to which the connection security rule applies. You can also configure an IPsec tunnel between the endpoints.</maml:para>

<maml:procedure><maml:title>To get to this tab</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, click <maml:ui>Connection Security Rules</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Right-click the rule that you want to modify, and then click <maml:ui>Properties</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Click the <maml:ui>Advanced</maml:ui> tab.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Profile</maml:title><maml:introduction>
<maml:para>Use these options to specify the profiles to which this rule is applied. Select any combination of profiles that meet your security goals. This version of Windows supports multiple simultaneously active profiles. Each network adapter card attached to a network is assigned one of the following profiles based on what is detected on the attached network. This means that different firewall and connection security rules can affect network traffic, depending on which network adapter receives the traffic.</maml:para>

</maml:introduction>
<maml:sections>
<maml:section><maml:title>Domain</maml:title><maml:introduction>
<maml:para>The domain profile applies to a network when a domain controller for the local computer’s domain is detected. If you select this check box, then the rule applies to network traffic passing through the network adapter connected to this network.</maml:para>
</maml:introduction></maml:section>

<maml:section><maml:title>Private</maml:title><maml:introduction>
<maml:para>The private profile applies to a network when it is marked private by the computer administrator and it is not a domain network. Newly detected networks are not marked private by default. A network should be marked private only when there is some kind of security device, such as a network address translator or perimeter firewall, between the computer and the Internet. The private profile settings should be more restrictive than the domain profile settings.</maml:para>
</maml:introduction></maml:section>

<maml:section><maml:title>Public</maml:title><maml:introduction>
<maml:para>The public profile applies to a network when the computer is connected directly to a public network, such as one available in airports and coffee shops. The public profile settings should be the most restrictive because the computer is connected to a public network where the security cannot be as tightly controlled as it is in an IT environment.</maml:para>
</maml:introduction></maml:section>

</maml:sections>
</maml:section><maml:section><maml:title>Interface types</maml:title><maml:introduction>
<maml:para>You can use this setting to specify the interface types to which this rule applies. You can create rules that apply to certain interface types only. For example, if you specify only the wireless interface type for this rule, then Windows Firewall with Advanced Security will take the action specified by the rule only for wireless traffic. The default setting is <maml:ui>All interface types</maml:ui>.</maml:para>
<maml:para>Click <maml:ui>Customize</maml:ui> to select either all interface types or specific interface types.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>IPsec tunneling</maml:title><maml:introduction>
<maml:para>You can use this setting to create a rule that uses IPsec tunnel mode to establish a connection between two tunnel endpoints.</maml:para>
<maml:para>Use Windows Firewall with Advanced Security to perform Layer 3 tunneling for scenarios in which Layer Two Tunneling Protocol (L2TP) cannot be used. If you are using L2TP for remote communications, no tunnel configuration is required because the client and server virtual private network (VPN) components of this version of Windows create the rules to secure L2TP traffic automatically.</maml:para>
<maml:para>To configure the tunnel endpoints, click <maml:ui>Customize</maml:ui>, and then provide the required information in the <maml:ui>Customize IPsec Tunneling Settings</maml:ui> dialog box.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Connection Security Rule Properties Page</maml:linkText><maml:uri href="mshelp://windows/?id=101488a1-9f62-4797-9330-4937c888e371"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Monitor Connection Security Rules - Advanced</maml:title><maml:introduction>
<maml:para>If the rule specifies an Internet Protocol security (IPsec) tunnel, this tab shows information about the tunnel endpoints and whether computer or user authorization is required. </maml:para>

<maml:procedure><maml:title>To get to this tab</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, expand <maml:ui>Monitoring</maml:ui>, and then expand <maml:ui>Connection Security Rules</maml:ui>. </maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Double-click the rule you want to examine, and then click the <maml:ui>Advanced</maml:ui> tab.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Local tunnel endpoint</maml:title><maml:introduction>
<maml:para>If the connection security rule is a tunnel rule, then this indicates the address of the tunnel endpoint that is closest to the local computer, as configured on the <maml:ui>Customize IPsec Tunneling Settings</maml:ui> dialog box.</maml:para>
<maml:para>If the connection security rule is not a tunnel rule, then <maml:ui>None</maml:ui> is displayed.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Remote tunnel endpoint</maml:title><maml:introduction>
<maml:para>If the connection security rule is a tunnel rule, then this indicates the address of the tunnel endpoint that is farthest from the local computer, as configured on the <maml:ui>Customize IPsec Tunneling Settings</maml:ui> dialog box.</maml:para>
<maml:para>If the connection security rule is not a tunnel rule, then <maml:ui>None</maml:ui> is displayed.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Interface types</maml:title><maml:introduction>
<maml:para>This indicates the network interface types to which the rule applies, as configured on the <maml:ui>Advanced</maml:ui> tab of the <maml:ui>Connection Security Rule Properties</maml:ui> page.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Apply authorization</maml:title><maml:introduction>
<maml:para>This indicates whether the use of the tunnel is restricted to only authorized users and computers, as configured on the <maml:ui>Customize IPsec Tunneling Settings</maml:ui> dialog box. The list of authorized users and computers is configured on the <maml:ui>Customize IPsec Tunnel Authorizations</maml:ui> dialog box.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Exempt IPsec protected connections</maml:title><maml:introduction>
<maml:para>This indicates whether network packets addressed to a computer in Endpoint 2 that are already protected by IPsec are sent through the tunnel. This includes any network packet with an ESP header, including ESP NULL. This setting is configured on the <maml:ui>Customize IPsec Tunneling Settings</maml:ui> dialog box.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Monitored Connection Security Rules Properties Page</maml:linkText><maml:uri href="mshelp://windows/?id=9d81b178-5fef-4b23-9dc7-e85f20bbf5d9"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Firewall Rule Properties Page: Programs and Services Tab</maml:title><maml:introduction>
<maml:para>Use this tab to specify the way in which Windows Firewall with Advanced Security matches criteria based on which program or service on the local computer is sending the packets to the peer computer. If this and all other criteria are matched, Windows Firewall with Advanced Security will take the action that you specify in <maml:ui>Action</maml:ui> on the <maml:ui>General</maml:ui> tab.</maml:para>

<maml:procedure><maml:title>To get to this tab</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, in either <maml:ui>Inbound Rules</maml:ui> or <maml:ui>Outbound Rules</maml:ui>, double-click the firewall rule you want to modify, and then click the <maml:ui>Programs and Services</maml:ui> tab.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Programs</maml:title><maml:introduction>
<maml:para>This section contains information about how network packets from a program will be matched.</maml:para>
</maml:introduction>
<maml:sections>

<maml:section><maml:title>All programs that meet the specified conditions</maml:title><maml:introduction>
<maml:para>Use this option to match network packets being sent or received by any program.</maml:para>
</maml:introduction></maml:section>

<maml:section><maml:title>This program</maml:title><maml:introduction>
<maml:para>Use this option to match network packets going to or from a specified program. If the program is not running, then no packets match the rule. You can select the program in one of two ways: </maml:para>
<maml:list class="unordered">
<maml:listItem><maml:para>Type the complete path to the program. You can include environment variables, where appropriate.</maml:para>
<maml:alertSet class="important"><maml:title>Important </maml:title><maml:para>Do not use environment variable strings that resolve only in the context of a certain user (for example, %USERPROFILE%). When these strings are evaluated by the service at runtime, the service is not running in the context of the user. The use of these strings can produce unexpected results.</maml:para></maml:alertSet></maml:listItem>
<maml:listItem><maml:para>Click <maml:ui>Browse</maml:ui> and find the program in the directory.</maml:para></maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section><maml:section><maml:title>Services</maml:title><maml:introduction>
<maml:para>Click <maml:ui>Settings</maml:ui> to match packets from all programs and services on the computer (the default), services only, or a specified service.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>More about program and service settings</maml:title><maml:introduction>
<maml:para>To add a program to the rule, you must specify the executable (.exe) file used by the program. A system service that runs within its own unique .exe file and is not hosted by a service container is considered to be a program and can be added to the rule. In the same way, a program that behaves like a system service and runs whether or not a user is logged on to the computer is also considered a program as long as it runs within its own unique .exe file.</maml:para>
<maml:alertSet class="security"><maml:title>Security Note </maml:title><maml:para>Do not add service containers or programs that host services, such as Svchost.exe, Dllhost.exe, and Inetinfo.exe, to the rules list without specifying the individual service that is to be allowed or blocked. Specifying only the service container as a program might compromise the security of the computer.</maml:para></maml:alertSet>
<maml:para>When you add a program to the rule, Windows Firewall with Advanced Security dynamically opens (unblocks) and closes (blocks) the ports required by the program. When the program is running and listening for incoming traffic, Windows Firewall with Advanced Security opens the required ports; when the program is not running or is not listening for incoming traffic, Windows Firewall with Advanced Security closes the ports. Because of this dynamic behavior, adding programs to a rule is the recommended method for allowing unsolicited incoming traffic through Windows Firewall with Advanced Security.</maml:para>
<maml:alertSet class="note"><maml:title>Note </maml:title><maml:para>You can use program rules to allow unsolicited incoming traffic through Windows Firewall with Advanced Security only if the program uses the Windows Sockets (Winsock) application programming interface (API) to create port assignments. If a program does not use Winsock to assign ports, you must determine which ports the program uses and add those ports to the rules list.</maml:para></maml:alertSet>
</maml:introduction></maml:section><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Firewall Rule Properties Page</maml:linkText><maml:uri href="mshelp://windows/?id=142a13a0-f0c4-4122-95d9-ecfb6f6391c4"></maml:uri></maml:navigationLink></maml:para></maml:listItem><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Dialog Box: Customize Service Settings</maml:linkText><maml:uri href="mshelp://windows/?id=7e24b5a1-742d-4247-b86d-db9e097dee4e"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Dialog Box: Customize Advanced Authentication Methods</maml:title><maml:introduction>
<maml:para>Use these settings to configure the authentication required in your environment. You can configure advanced authentication on a rule-by-rule basis or to apply by default to all connection security rules.</maml:para>

<maml:procedure><maml:title>How to get to this dialog box</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>To get to this dialog box to configure the default settings for the computer, perform the following steps. These settings apply to any connection security rule in which <maml:ui>Default</maml:ui> is selected as the authentication method.</maml:para>
<maml:list class="ordered">
<maml:listItem><maml:para>On the Windows Firewall with Advanced Security MMC snap-in page, in <maml:ui>Overview</maml:ui>, click <maml:ui>Windows Firewall Properties</maml:ui>. </maml:para></maml:listItem>
<maml:listItem><maml:para>Click the <maml:ui>IPsec Settings</maml:ui> tab. </maml:para></maml:listItem>
<maml:listItem><maml:para>Under <maml:ui>IPsec defaults</maml:ui>, click <maml:ui>Customize</maml:ui>. </maml:para></maml:listItem>
<maml:listItem><maml:para>Under <maml:ui>Authentication method</maml:ui>, select <maml:ui>Advanced</maml:ui>, and then click <maml:ui>Customize</maml:ui>.</maml:para></maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>To get to this dialog box when creating a new connection security rule, perform the following steps. These settings apply only to the connection security rule whose properties you are editing.</maml:para>
<maml:list class="ordered">
<maml:listItem><maml:para>On the Windows Firewall with Advanced Security MMC snap-in page, in the navigation pane, right-click <maml:ui>Connection Security Rules</maml:ui>, and then click <maml:ui>New Rule</maml:ui>.</maml:para></maml:listItem>
<maml:listItem><maml:para>Select any rule type except <maml:ui>Authentication exemption</maml:ui>.</maml:para></maml:listItem>
<maml:listItem><maml:para>Click <maml:ui>Next</maml:ui> through the wizard until you reach the <maml:ui>Authentication Method</maml:ui> page.</maml:para></maml:listItem>
<maml:listItem><maml:para>Select <maml:ui>Advanced</maml:ui>, and then click <maml:ui>Customize</maml:ui>.</maml:para></maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>To get to this dialog box to configure the settings for an existing connection security rule, perform the following steps. These settings apply only to the connection security rule whose properties you are editing.</maml:para>
<maml:list class="ordered">
<maml:listItem><maml:para>On the Windows Firewall with Advanced Security MMC snap-in page, in the navigation pane, click <maml:ui>Connection Security Rules</maml:ui>.</maml:para></maml:listItem>
<maml:listItem><maml:para>Double-click the rule that you want to modify.</maml:para></maml:listItem>
<maml:listItem><maml:para>Click the <maml:ui>Authentication</maml:ui> tab.</maml:para></maml:listItem>
<maml:listItem><maml:para>Under <maml:ui>Method</maml:ui>, select <maml:ui>Advanced</maml:ui>, and then click <maml:ui>Customize</maml:ui>.</maml:para></maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>First authentication</maml:title><maml:introduction>
<maml:para>The first authentication method is performed during the main mode phase of Internet Protocol security (IPsec) negotiations. In this authentication, you can specify the way in which the peer computer is authenticated.</maml:para>
<maml:para>You can specify multiple methods to use for this authentication. The methods are attempted in the order you specify; the first successful method is used.</maml:para>
<maml:list class="unordered">
<maml:listItem><maml:para>To add a method to the list, click <maml:ui>Add</maml:ui>.</maml:para></maml:listItem>
<maml:listItem><maml:para>To modify a method already in the list, select the method, and then click <maml:ui>Edit</maml:ui>.</maml:para></maml:listItem>
<maml:listItem><maml:para>To remove a method from the list, select the method, and then click <maml:ui>Remove</maml:ui>.</maml:para></maml:listItem>
<maml:listItem><maml:para>To reorder the list, select a method, and then click the up and down arrows.</maml:para></maml:listItem>
</maml:list>
<maml:para>For more information about the available first authentication methods, see <maml:navigationLink><maml:linkText>Dialog Box: Add or Edit First Authentication Method</maml:linkText><maml:uri href="mshelp://windows/?id=f9172bb1-6c9e-4e09-a1cb-6e6912459aee"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title>First authentication is optional</maml:title><maml:introduction>
<maml:para>You can select this option to have the first authentication performed with anonymous credentials. This is useful when the second authentication provides the primary, required means of authentication, and the first authentication is to be performed only when both peers support it. For example, if you want to require user-based Kerberos version 5 authentication, which is available only as a second authentication, you can select <maml:ui>First authentication is optional</maml:ui>, and then select <maml:ui>User (Kerberos V5)</maml:ui> in <maml:ui>Second authentication method</maml:ui>.</maml:para>
<maml:alertSet class="caution"><maml:title>Caution </maml:title><maml:para>Do not configure both the first authentication and second authentication to be optional. This is equivalent to turning authentication off.</maml:para></maml:alertSet>
</maml:introduction></maml:section>
</maml:sections>
</maml:section><maml:section><maml:title>Second authentication</maml:title><maml:introduction>
<maml:para>With second authentication, you can specify the way in which the user logged on to the peer computer is authenticated. You can also specify a computer health certificate from a specified certification authority (CA).</maml:para>
<maml:para>The methods are attempted in the order you specify; the first successful method is used.</maml:para>
<maml:para>You can specify multiple methods to use for this authentication. </maml:para>
<maml:list class="unordered">
<maml:listItem><maml:para>To add a method to the list, click <maml:ui>Add</maml:ui>.</maml:para></maml:listItem>
<maml:listItem><maml:para>To modify a method already in the list, select the method, and then click <maml:ui>Edit</maml:ui>.</maml:para></maml:listItem>
<maml:listItem><maml:para>To remove a method from the list, select the method, and then click <maml:ui>Remove</maml:ui>.</maml:para></maml:listItem>
<maml:listItem><maml:para>To reorder the list, select a method and then click the up and down arrows.</maml:para></maml:listItem>
</maml:list>
<maml:alertSet class="note"><maml:title>Notes </maml:title><maml:alert>You must use either all user-based authentication methods or all computer-based authentication methods.</maml:alert><maml:alert>No matter where it appears in the list, you cannot use the second authentication method if you are using a preshared key for the first authentication method. </maml:alert></maml:alertSet>
<maml:para>For more information about the available second authentication methods, see <maml:navigationLink><maml:linkText>Dialog Box: Add or Edit Second Authentication Method</maml:linkText><maml:uri href="mshelp://windows/?id=dd07bae3-3af0-469b-adc8-84f78f4169e8"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title>Second authentication is optional</maml:title><maml:introduction>
<maml:para>You can select this option to indicate the second authentication should be performed if possible, but that the connection should not be blocked should the second authentication fail. This is useful when the first authentication provides the primary, required means of authentication, and the second authentication is optional, but preferred, when both peers support it. For example, if you want to require computer-based Kerberos version 5 authentication and you would like to use user-based Kerberos version 5 authentication when possible, you can select <maml:ui>Computer (Kerberos V5) </maml:ui>as the first authentication, and then select <maml:ui>User (Kerberos V5)</maml:ui> as the second authentication with <maml:ui>Second authentication is optional</maml:ui> selected.</maml:para>
<maml:alertSet class="caution"><maml:title>Caution </maml:title><maml:para>Do not configure both the first authentication and second authentication to be optional. This is equivalent to turning authentication off.</maml:para></maml:alertSet>
<maml:alertSet class="important"><maml:title>Important </maml:title><maml:alert>In a tunnel mode rule, if you select <maml:ui>Second authentication is optional</maml:ui>, then the resulting IPsec policy is implemented as IKE only and does not use Authenticated Internet Protocol (AuthIP). Any authentication methods specified in <maml:ui>Second authentication</maml:ui> are ignored. </maml:alert><maml:alert>In a transport mode rule, the second authentication methods are still used, as expected.</maml:alert></maml:alertSet>
</maml:introduction></maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content><maml:relatedLinks type="seeAlso"><maml:title>See Also</maml:title><maml:navigationLink><maml:linkText>User Interface: Windows Firewall with Advanced Security</maml:linkText><maml:uri href="mshelp://windows/?id=c243c092-48c6-4073-9b19-b9c98c931582"></maml:uri></maml:navigationLink></maml:relatedLinks></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Dialog Box: Customize Data Protection Settings</maml:title><maml:introduction>
<maml:para>Use this dialog box to add, edit, change priority, or remove data integrity or data encryption algorithms. You can use more than one algorithm in each list and you can assign the order in which the algorithms are attempted. The first algorithm in the list that is compatible with both peers will be used.</maml:para>
<maml:para>You must specify algorithms that are also specified in the rules on the computers to which you want to communicate. For more information, see <maml:navigationLink><maml:linkText>IPsec Algorithms and Protocols Supported by Windows</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?linkid=129230"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?linkid=129230).</maml:para>
<maml:alertSet class="note"><maml:title>Note </maml:title><maml:para>A best practice is to list the algorithms in order of greatest security at the top to least security at the bottom. This way, the most secure algorithm in common between the two negotiating computers is used. The less secure algorithms can be used for backward compatibility.</maml:para></maml:alertSet>

<maml:procedure><maml:title>How to get to this dialog box</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>On the Windows Firewall with Advanced Security MMC snap-in, in the navigation pane, click <maml:ui>Windows Firewall with Advanced Security</maml:ui>, and then in <maml:ui>Overview</maml:ui>, click <maml:ui>Windows Firewall Properties</maml:ui>. </maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Click the <maml:ui>IPsec Settings</maml:ui> tab. </maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Under <maml:ui>IPsec defaults</maml:ui>, click <maml:ui>Customize</maml:ui>. </maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Under <maml:ui>Data protection (Quick Mode)</maml:ui>, select <maml:ui>Advanced</maml:ui>, and then click <maml:ui>Customize</maml:ui>.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Performance considerations for encryption</maml:title><maml:introduction>
<maml:para>The encryption algorithms that provide the best security for your data are those that make it computationally infeasible for the data to be decrypted without the key. The mathematical algorithms that perform the encryption are themselves mathematically intense and can degrade performance. As you switch to higher security algorithms, the computing power required to perform the calculations increases.</maml:para>
<maml:para>Windows supports the use of network adapters that have cryptographic processors that can perform most of the IPsec encryption calculations. This frees up your main processors to do other things and reduces the performance overhead of IPsec. For more information, see <maml:navigationLink><maml:linkText>Improving Network Performance by Using IPsec Task Offload</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?linkid=129229"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?linkid=129229).</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Require encryption for all connection security rules that use these settings</maml:title><maml:introduction>
<maml:para>Select this check box to require encryption for all connection security rules that use these settings. If you select this check box, the <maml:ui>Data integrity</maml:ui> section is disabled, and you can only specify algorithm combinations in the <maml:ui>Data integrity and encryption</maml:ui> section.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Data integrity</maml:title><maml:introduction>
<maml:para>This list shows the currently configured data integrity algorithms. When negotiating the details of the quick mode SA with another computer, the algorithms are proposed in the order shown. Use the up and down arrows to arrange the algorithms into the preferred order. You should place the algorithms with stronger protection at the top of the list, and those with weaker protection at the bottom of the list. Include weaker algorithms only if required to support computers that cannot use the stronger algorithms.</maml:para>
<maml:para>If you select <maml:ui>Require encryption for all connection security rules that use these settings</maml:ui>, then this section is disabled.</maml:para>
<maml:para>To add an algorithm to the list, click <maml:ui>Add</maml:ui>. To modify an algorithm that is already in the list, select the algorithm, and then click <maml:ui>Edit</maml:ui>. To remove an algorithm from the list, select the algorithm, and then click <maml:ui>Remove</maml:ui>. </maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Data integrity and encryption</maml:title><maml:introduction>
<maml:para>This list shows the currently configured algorithm combinations that include both encryption and data integrity. When negotiating the details of the quick mode SA with another computer, the algorithm combinations are proposed in the order shown. Use the up and down arrows to arrange the algorithm combinations into the preferred order. You should place the algorithm combinations with stronger protection at the top of the list and those with weaker protection at the bottom of the list. Include weaker algorithm combinations only if required to support computers that cannot use the stronger algorithm combinations.</maml:para>
<maml:para>To add an algorithm combination to the list, click <maml:ui>Add</maml:ui>. To modify an algorithm combination that is already in the list, select the algorithm combination, and then click <maml:ui>Edit</maml:ui>. To remove an algorithm combination from the list, select the algorithm combination, and then click <maml:ui>Remove</maml:ui>. For more information, see <maml:navigationLink><maml:linkText>Dialog Box: Add or Edit Integrity and Encryption Algorithms</maml:linkText><maml:uri href="mshelp://windows/?id=b31c589e-5b17-42df-b7ad-041084dd2074"></maml:uri></maml:navigationLink>.</maml:para>

</maml:introduction></maml:section><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>User Interface: Windows Firewall with Advanced Security</maml:linkText><maml:uri href="mshelp://windows/?id=c243c092-48c6-4073-9b19-b9c98c931582"></maml:uri></maml:navigationLink></maml:para></maml:listItem><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Dialog Box: Add or Edit Integrity Algorithms</maml:linkText><maml:uri href="mshelp://windows/?id=226a35ae-cf87-4bd3-b4be-fab77930e6da"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Dialog Box: Customize IPsec Tunnel Authorization</maml:title><maml:introduction>
<maml:para>Use these settings to specify which users or computers are authorized to initiate a tunnel connection to the local computer. These settings only apply to inbound connections. Tunnel connections initiated by the local computer are not subject to these authorization settings.</maml:para>
<maml:alertSet class="note"><maml:title>Note </maml:title><maml:para>These settings only apply to tunnel mode rules that have the <maml:ui>Apply authorization</maml:ui> option enabled on the <maml:ui>Customize IPsec Tunneling Settings</maml:ui> dialog box.</maml:para></maml:alertSet>

<maml:procedure><maml:title>To get to this dialog box</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, in <maml:ui>Overview</maml:ui>, click <maml:ui>Windows Firewall Properties</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Click the <maml:ui>IPsec Settings</maml:ui> tab.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Under <maml:ui>IPsec tunnel authorization</maml:ui>, select <maml:ui>Advanced</maml:ui>, and then click <maml:ui>Customize</maml:ui>.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Computers tab</maml:title><maml:introduction>
<maml:para>Use this tab to identify computers or computer groups that are authorized to create tunnel mode connections to the local computer.</maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title>Authorized computers</maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section><maml:title>Only allow connections from these computers</maml:title><maml:introduction>
<maml:para>Select this option to specify which computers can create a tunnel mode connection to the local computer.</maml:para>
<maml:para>If you select the check box, then <maml:ui>Add</maml:ui> is enabled. Click <maml:ui>Add</maml:ui>, and then specify the computer or group accounts in the <maml:ui>Active Directory Object Picker</maml:ui> dialog box.</maml:para>
<maml:para>To remove a computer or group from the list, select the computer or group, and then click <maml:ui>Remove</maml:ui>.</maml:para>
</maml:introduction></maml:section>

</maml:sections>
</maml:section>
<maml:section><maml:title>Exceptions</maml:title><maml:introduction>
<maml:para>Use this section to identify computer or group accounts that are denied permissions to create tunnel mode connections to the local computer. If a computer attempting a connection is listed in both the <maml:ui>Authorized computers</maml:ui> and <maml:ui>Exceptions</maml:ui> boxes, either directly or as a member of a group, the exception takes priority and the connection is blocked.
</maml:para></maml:introduction>
<maml:sections><maml:section><maml:title>Deny connections from these computers</maml:title><maml:introduction>
<maml:para>Select this option to specify which computers are prohibited from creating a tunnel mode connection to this computer.</maml:para>
<maml:para>If you select the check box, then <maml:ui>Add</maml:ui> is enabled. Click <maml:ui>Add</maml:ui>, and then specify the computer or group accounts in the <maml:ui>Active Directory Object Picker</maml:ui> dialog box.</maml:para>
<maml:para>To remove a computer or group from the list, select the computer or group, and then click <maml:ui>Remove</maml:ui>.</maml:para>
</maml:introduction></maml:section></maml:sections>
</maml:section>

</maml:sections>
</maml:section><maml:section><maml:title>Users tab</maml:title><maml:introduction>
<maml:para>Use this tab to identify users or user groups that are authorized to create tunnel mode connections to the local computer.</maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title>Authorized users</maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section><maml:title>Only allow connections from these users</maml:title><maml:introduction>
<maml:para>Select this option to specify which users can create a tunnel mode connection to this computer.</maml:para>
<maml:para>If you select the check box, then <maml:ui>Add</maml:ui> is enabled. Click <maml:ui>Add</maml:ui>, and then specify the user or group accounts in the <maml:ui>Active Directory Object Picker</maml:ui> dialog box.</maml:para>
<maml:para>To remove a user or group from the list, select the user or group, and then click <maml:ui>Remove</maml:ui>.</maml:para>
</maml:introduction></maml:section>

</maml:sections>
</maml:section>
<maml:section><maml:title>Exceptions</maml:title><maml:introduction>
<maml:para>Use this section to identify user or group accounts that are denied permissions to create tunnel mode connections to the local computer. If a user attempting a connection is listed in both the <maml:ui>Authorized users</maml:ui> and <maml:ui>Exceptions</maml:ui> boxes, either directly or as a member of a group, the exception takes priority and the connection is blocked.</maml:para></maml:introduction>
<maml:sections><maml:section><maml:title>Deny connections from these users</maml:title><maml:introduction>
<maml:para>Select this option to specify which users are prohibited from creating a tunnel mode connection to this computer.</maml:para>
<maml:para>If you select the check box, then <maml:ui>Add</maml:ui> is enabled. Click <maml:ui>Add</maml:ui>, and then specify the user or group accounts in the <maml:ui>Active Directory Object Picker</maml:ui> dialog box.</maml:para>
<maml:para>To remove a user or group from the list, select the user or group, and then click <maml:ui>Remove</maml:ui>.</maml:para>
</maml:introduction></maml:section></maml:sections>
</maml:section>

</maml:sections>
</maml:section></maml:sections></maml:content><maml:relatedLinks type="seeAlso"><maml:title>See Also</maml:title><maml:navigationLink><maml:linkText>User Interface: Windows Firewall with Advanced Security</maml:linkText><maml:uri href="mshelp://windows/?id=c243c092-48c6-4073-9b19-b9c98c931582"></maml:uri></maml:navigationLink></maml:relatedLinks></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Configuring Firewall Rules</maml:title><maml:introduction>
<maml:para>Because Windows Firewall with Advanced Security blocks all incoming unsolicited network traffic by default, you need to configure program, port, or system service rules for programs or services that are acting as servers, listeners, or peers. Program, port, and system service rules are managed on an ongoing basis as your server roles or configurations change. The roles and features that you can install by using Server Manager typically create and enable firewall rules for you when the role or feature is installed. They also remove or disable the rules when the role or feature is removed. A growing number of other, non-Microsoft programs and services also automatically configure Windows Firewall with a set of rules to permit their operation.</maml:para>
<maml:alertSet class="important"><maml:title>Important </maml:title><maml:para>Each filtering criterion that you add to a firewall rule adds increasing levels of restriction. For example, if you do not specify a program or service on the <maml:ui>Program and Services</maml:ui> tab, all programs and services will be allowed to connect, if their network traffic matches the other criteria in the rule. Adding more detailed criteria makes the rule progressively more restrictive and less likely to be matched.</maml:para></maml:alertSet>
<maml:para>For more information, see <maml:navigationLink><maml:linkText>Configuring Firewall Rules</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?linkid=137813"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?linkid=137813) in the TechNet Library.</maml:para>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Windows Firewall with Advanced Security</maml:linkText><maml:uri href="mshelp://windows/?id=60324d03-97f8-4aa5-864b-af205ebff02b"></maml:uri></maml:navigationLink></maml:para></maml:listItem><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Understanding Firewall Rules</maml:linkText><maml:uri href="mshelp://windows/?id=9868a02b-2d5f-4a8d-a1f7-f6f1a64cec99"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Dialog Box: Add or Edit First Authentication Method</maml:title><maml:introduction>
<maml:para>Use these settings to specify the way in which the peer computer is authenticated. The first authentication method is performed during the main mode phase of Internet Protocol security (IPsec) negotiations.</maml:para>
<maml:para>You can specify multiple methods to use for first authentication. The methods are attempted in the order you specify. The first successful method is used.</maml:para>
<maml:para>For more information about the authentication methods available in this dialog box, see <maml:navigationLink><maml:linkText>IPsec Algorithms and Methods Supported in Windows</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?linkid=129230"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?linkid=129230).</maml:para>

<maml:procedure><maml:title>To get to this dialog box</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>When modifying the system-wide default settings:</maml:para>
<maml:list class="ordered">
<maml:listItem><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, in <maml:ui>Overview</maml:ui>, click <maml:ui>Windows Firewall Properties</maml:ui>.</maml:para></maml:listItem>
<maml:listItem><maml:para>Click the <maml:ui>IPsec Settings</maml:ui> tab, and then under <maml:ui>IPsec defaults</maml:ui>, click <maml:ui>Customize</maml:ui>.</maml:para></maml:listItem>
<maml:listItem><maml:para>Under <maml:ui>Authentication Method</maml:ui>, select <maml:ui>Advanced</maml:ui>, and then click <maml:ui>Customize</maml:ui>.</maml:para></maml:listItem>
<maml:listItem><maml:para>Under <maml:ui>First authentication</maml:ui>, select a method, and then click <maml:ui>Edit</maml:ui> or <maml:ui>Add</maml:ui>.</maml:para></maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>When creating a new connection security rule:</maml:para>
<maml:list class="ordered">
<maml:listItem><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, right-click <maml:ui>Connection Security Rules</maml:ui>, and then click <maml:ui>New Rule</maml:ui>.</maml:para></maml:listItem>
<maml:listItem><maml:para>On the <maml:ui>Rule Type</maml:ui> page, select any type except <maml:ui>Authentication exemption</maml:ui>.</maml:para></maml:listItem>
<maml:listItem><maml:para>On the <maml:ui>Authentication Method</maml:ui> page, select <maml:ui>Advanced</maml:ui>, and then click <maml:ui>Customize</maml:ui>.</maml:para></maml:listItem>
<maml:listItem><maml:para>Under <maml:ui>First authentication</maml:ui>, select a method, and then click <maml:ui>Edit</maml:ui> or <maml:ui>Add</maml:ui>.</maml:para></maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>When modifying an existing connection security rule:</maml:para>
<maml:list class="ordered">
<maml:listItem><maml:para>In the Windows Firewall with Advanced Security MMC snap-in, click <maml:ui>Connection Security Rules</maml:ui>.</maml:para></maml:listItem>
<maml:listItem><maml:para>Double-click the connection security rule that you want to modify.</maml:para></maml:listItem>
<maml:listItem><maml:para>Click the <maml:ui>Authentication</maml:ui> tab.</maml:para></maml:listItem>
<maml:listItem><maml:para>Under <maml:ui>Method</maml:ui>, click <maml:ui>Advanced</maml:ui>, and then click <maml:ui>Customize</maml:ui>.</maml:para></maml:listItem>
<maml:listItem><maml:para>Under <maml:ui>First authentication</maml:ui>, select a method, and then click <maml:ui>Edit</maml:ui> or <maml:ui>Add</maml:ui>.</maml:para></maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Computer (Kerberos V5)</maml:title><maml:introduction>
<maml:para>You can use this method to authenticate peer computers that have computer accounts in the same domain or in separate domains that have a trust relationship.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Computer (NTLMv2)</maml:title><maml:introduction>
<maml:para>NTLMv2 is an alternative way to authenticate peer computers that have computer accounts in the same domain or in separate domains that have a trust relationship.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Computer certificate from this certification authority (CA)</maml:title><maml:introduction>
<maml:para>Use a public key certificate in situations that include external business partner communications or computers that do not run the Kerberos version 5 authentication protocol. This requires that at least one trusted root CA is configured on or accessible through your network and that client computers have an associated computer certificate.</maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title>Signing algorithm</maml:title><maml:introduction>
<maml:para>Specify the signing algorithm used to cryptographically secure the certificate.</maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title>RSA (default)</maml:title><maml:introduction>
<maml:para>Select this option if the certificate is signed by using the RSA public-key cryptography algorithm.</maml:para>
</maml:introduction></maml:section>
<maml:section><maml:title>ECDSA-P256</maml:title><maml:introduction>
<maml:para>Select this option if the certificate is signed by using the Elliptic Curve Digital Signature Algorithm (ECDSA) with 256-bit key strength.</maml:para>
</maml:introduction></maml:section>
<maml:section><maml:title>ECDSA-P384</maml:title><maml:introduction>
<maml:para>Select this option if the certificate is signed by using ECDSA with 384-bit key strength.</maml:para>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>

<maml:section><maml:title>Certificate store type</maml:title><maml:introduction>
<maml:para>Specify the type of certificate by identifying the store in which the certificate is located.</maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title>Root CA (default)</maml:title><maml:introduction>
<maml:para>Select this option if the certificate was issued by a root CA and is stored in the local computer’s Trusted Root Certification Authorities certificate store.</maml:para>
</maml:introduction></maml:section>
<maml:section><maml:title>Intermediate CA</maml:title><maml:introduction>
<maml:para>Select this option if the certificate was issued by an intermediate CA and is stored in the local computer’s Intermediate Certification Authorities certificate store.</maml:para>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>

<maml:section><maml:title>Accept only health certificates</maml:title><maml:introduction>
<maml:para>This option restricts the use of computer certificates to those that are marked as health certificates. Health certificates are published by a CA in support of a Network Access Protection (NAP) deployment. NAP lets you define and enforce health policies so that computers that do not comply with network policies, such as computers without antivirus software or those that do not have the latest software updates, are less likely to access your network. To implement NAP, you need to configure NAP settings on both server and client computers. NAP Client Management, a Microsoft Management Console (MMC) snap-in, helps you configure NAP settings on your client computers. For more information, see the NAP MMC snap-in Help. To use this method, you must have a NAP server set up in the domain.</maml:para>
</maml:introduction></maml:section>

<maml:section><maml:title>Enable certificate to account mapping</maml:title><maml:introduction>
<maml:para>When you enable IPsec certificate-to-account mapping, the Internet Key Exchange (IKE) and Authenticated IP (AuthIP) protocols associate (map) a computer certificate to a computer account in an Active Directory domain or forest, and then retrieve an access token, which includes the list of computer security groups. This process ensures that the certificate offered by the IPsec peer corresponds to an active computer account in the domain, and that the certificate is one that should be used by that computer.</maml:para>
<maml:para>Certificate-to-account mapping can only be used for computer accounts that are in the same forest as the computer performing the mapping. This provides much stronger authentication than simply accepting any valid certificate chain. For example, you can use this capability to restrict access to computers that are within the same forest. Certificate-to-account mapping, however, does not ensure that a specific trusted computer is being allowed IPsec access.</maml:para>
<maml:para>Certificate-to-account mapping is especially useful if the certificates come from a public key infrastructure (PKI) that is not integrated with your Active Directory Domain Services (AD DS) deployment, such as if business partners obtain their certificates from non-Microsoft providers. You can configure the IPsec policy authentication method to map certificates to a domain computer account for a specific root CA. You can also map all certificates from an issuing CA to one computer account. This allows IKE certificate authentication to be used to limit which forests are allowed IPsec access in an environment where many forests exist and each performs autoenrollment under a single internal root CA. If the certificate-to-account mapping process is not completed properly, authentication will fail and IPsec-protected connections will be blocked.</maml:para>
</maml:introduction></maml:section>
</maml:sections>
</maml:section><maml:section><maml:title>Preshared key (not recommended)</maml:title><maml:introduction>
<maml:para>You can use preshared keys for authentication. This is a shared, secret key that is previously agreed on by two users. Both parties must manually configure IPsec to use this preshared key. During security negotiation, information is encrypted by using the shared key before transmission and decrypted by using the same key on the receiving end. If the receiver can decrypt the information, identities are considered to be authenticated.</maml:para>
<maml:alertSet class="caution"><maml:title>Caution </maml:title><maml:alert>Preshared key methodology is provided for interoperability purposes and to adhere to IPsec standards. You should use the preshared key for testing purposes only. Regular use of preshared key authentication is not recommended because the authentication key is stored in an unprotected state in the IPsec policy.</maml:alert><maml:alert>If a preshared key is used for the main mode authentication, second authentication cannot be used.</maml:alert></maml:alertSet>
</maml:introduction></maml:section></maml:sections></maml:content><maml:relatedLinks type="seeAlso"><maml:title>See Also</maml:title><maml:navigationLink><maml:linkText>User Interface: Windows Firewall with Advanced Security</maml:linkText><maml:uri href="mshelp://windows/?id=c243c092-48c6-4073-9b19-b9c98c931582"></maml:uri></maml:navigationLink></maml:relatedLinks></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Resources for Windows Firewall with Advanced Security</maml:title><maml:introduction>
<maml:para>For more information about Windows Firewall with Advanced Security, see the following resources on the Microsoft Web site:</maml:para>
<maml:list class="unordered">
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Windows Firewall with Advanced Security and IPsec</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?linkid=96525"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?linkid=96525)</maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Windows Firewall with Advanced Security Deployment Guide</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?linkid=98308"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?linkid=98308)</maml:para>
</maml:listItem><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Server and Domain Isolation</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?linkid=95395"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?linkid=95395)</maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>IPsec</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?linkid=95394"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?linkid=95394)</maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Windows Firewall</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?linkid=95393"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?linkid=95393)</maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Windows Firewall Errors and Events for Windows 7 and Windows Server 2008 R2</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?linkid=137360"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?linkid=137360)</maml:para></maml:listItem>
</maml:list>

</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><?xml version="1.0" encoding="utf-8"?>
<HelpCollection Id="authfw" DTDVersion="1.0" FileVersion="" LangId="1033" Copyright="© 2005 Microsoft Corporation. All rights reserved." Title="Windows Firewall with Advanced Security" xmlns="http://schemas.microsoft.com/help/collection/2004/11">
	<!-- Collection definition for the help title "Windows Firewall with Advanced Security" (Id "authfw", LangId 1033).
	     It names the companion definition files for this title and declares the default navigation objects. -->
	<!-- Compiler settings: result type H1S, full-text index requested, word breaker Microsoft.NLG.en.WordBreaker.
	     NOTE(review): authfw.H1F is presumably the HelpFileList manifest; this definition does not say so itself. -->
	<CompilerOptions CompileResult="H1S" CreateFullTextIndex="Yes" BreakerId="Microsoft.NLG.en.WordBreaker">
		<IncludeFile File="authfw.H1F" />
	</CompilerOptions>
	<!-- Table of contents definition, referenced by the Id authfw_TOC. -->
	<TOCDef File="authfw.H1T" Id="authfw_TOC" />
	<!-- Per-topic metadata file (NOTE(review): presumably the VTopicSet with the Attr/Keyword entries). -->
	<VTopicDef File="authfw.H1V" />
	<!-- One keyword index file per index name: AssetId, BestBet, LinkTerm, SubjectTerm. -->
	<KeywordIndexDef File="authfw_AssetId.H1K" />
	<KeywordIndexDef File="authfw_BestBet.H1K" />
	<KeywordIndexDef File="authfw_LinkTerm.H1K" />
	<KeywordIndexDef File="authfw_SubjectTerm.H1K" />
	<!-- Default monikers: each binds a "!Default..." name to an HxDs ProgId.
	     For the four HxDs.HxIndex entries, InitData matches the suffix of one KeywordIndexDef file name above;
	     the TOC and full-text entries carry the literal value "AnyString". -->
	<ItemMoniker Name="!DefaultTOC" ProgId="HxDs.HxHierarchy" InitData="AnyString" />
	<ItemMoniker Name="!DefaultFullTextSearch" ProgId="HxDs.HxFullTextSearch" InitData="AnyString" />
	<ItemMoniker Name="!DefaultAssetIdIndex" ProgId="HxDs.HxIndex" InitData="AssetId" />
	<ItemMoniker Name="!DefaultBestBetIndex" ProgId="HxDs.HxIndex" InitData="BestBet" />
	<ItemMoniker Name="!DefaultAssociativeIndex" ProgId="HxDs.HxIndex" InitData="LinkTerm" />
	<ItemMoniker Name="!DefaultKeywordIndex" ProgId="HxDs.HxIndex" InitData="SubjectTerm" />
</HelpCollection><?xml version="1.0" encoding="utf-8"?>
<HelpFileList xmlns="http://schemas.microsoft.com/help/filelist/2004/11">
	<!-- File manifest for the help title: one File entry per packaged item.
	     Topic documents are listed as assets\<GUID>.xml; the relatedAssets\<GUID>.gif entries are images
	     interleaved among the topics.
	     NOTE(review): presumably this is the authfw.H1F that the collection definition includes; the dump does not label it. -->
	<File Url="assets\05d277a3-2b83-4951-a2fc-e2ca78a24f24.xml" />
	<File Url="assets\06cbaf77-aa9d-4dec-b056-3dcd2616e4fa.xml" />
	<File Url="assets\0ec58789-26f0-47cd-9f43-aa6e7d52db10.xml" />
	<File Url="assets\101488a1-9f62-4797-9330-4937c888e371.xml" />
	<File Url="assets\12452b6f-dce5-4515-bfdd-455f08c77e5a.xml" />
	<File Url="assets\13da39e0-2a32-4ac4-a952-4391ae88c739.xml" />
	<File Url="assets\142a13a0-f0c4-4122-95d9-ecfb6f6391c4.xml" />
	<File Url="assets\14f25442-df7f-4c80-9ffc-b01781b2b246.xml" />
	<File Url="assets\1826c5b4-7aa9-419a-a211-07542a5dcf1a.xml" />
	<File Url="assets\18ddcbbd-4939-492c-a716-f1fccc468c18.xml" />
	<File Url="assets\1a70e8bc-19f3-4bd5-bba9-d04c432adbc6.xml" />
	<File Url="assets\1a81d9c6-f39f-4835-a00b-11d994247ca9.xml" />
	<File Url="assets\20b3aba6-884a-4ef9-8ea7-914e4cd735d9.xml" />
	<File Url="assets\226a35ae-cf87-4bd3-b4be-fab77930e6da.xml" />
	<File Url="assets\2318ec3c-e196-4a43-9d79-70ca7c52194a.xml" />
	<File Url="assets\2adf4b4a-fbdb-4bfa-8e09-8648c986f4f0.xml" />
	<File Url="assets\39e393da-18a6-4a1d-85d1-d9dcb46e3b93.xml" />
	<File Url="assets\40413516-c1ab-46b3-b62c-d165b434974b.xml" />
	<File Url="assets\41646515-247f-4ce4-a9fd-600bd90ae773.xml" />
	<File Url="assets\5147487b-bb6a-40e4-b8ee-f263c52bee24.xml" />
	<File Url="assets\52a543f3-3baa-42d9-8614-25293d0e3f62.xml" />
	<File Url="assets\53d4595a-b6b0-4133-be9e-03dcecef56e6.xml" />
	<File Url="assets\53df2676-ea86-4670-8f48-b113383a0992.xml" />
	<File Url="assets\55215ddc-b9aa-4bac-9ec2-d5da5cb3932c.xml" />
	<File Url="assets\5886c961-2f7a-46f9-928b-2b906f2c354a.xml" />
	<File Url="assets\58a40682-63b1-493a-9d97-940532cbbcd8.xml" />
	<File Url="assets\5918d117-66c3-4f58-8680-a5a822c40dc7.xml" />
	<File Url="assets\5aaa1ce1-0a0e-4686-a4cf-d63cb0a351da.xml" />
	<File Url="assets\5ca392ca-aece-4319-90c5-80544a29b8e9.xml" />
	<File Url="assets\60324d03-97f8-4aa5-864b-af205ebff02b.xml" />
	<File Url="relatedAssets\52c6db15-ed4e-415c-a077-ce2a57486732.gif" />
	<File Url="assets\63138fa3-9f09-4684-89cb-c44306ee3763.xml" />
	<File Url="assets\66011489-1eee-4986-9373-565e557db23b.xml" />
	<File Url="assets\6a710a38-a254-4a80-9a53-6ea2e0816d24.xml" />
	<File Url="relatedAssets\35a693e7-9134-418a-9c80-17f6d60c08e6.gif" />
	<File Url="assets\70d0c763-d3a3-486d-9f91-e213831f2485.xml" />
	<File Url="assets\710fa446-c600-4691-ae28-37a9824fb95d.xml" />
	<File Url="assets\71ea19d0-e57f-4828-923a-632cdb208aad.xml" />
	<File Url="assets\7e24b5a1-742d-4247-b86d-db9e097dee4e.xml" />
	<File Url="assets\8039b8d4-e87b-4aac-9c09-6a34cc73f1b6.xml" />
	<File Url="relatedAssets\64ce07a8-52a2-4d69-a392-2cae596fef27.gif" />
	<File Url="assets\85c69539-f0c0-474c-9860-d220293ab2d6.xml" />
	<File Url="assets\8a0b490a-db5e-420f-8990-d0e30a17bc1a.xml" />
	<File Url="assets\8b29e655-9fb1-4ba5-a701-30812af59d2e.xml" />
	<File Url="assets\8c965889-6e37-4ad0-b41d-4f98bed709ad.xml" />
	<File Url="assets\950c636f-f858-4852-8a78-b3222cd57bff.xml" />
	<File Url="assets\97e94c49-45b2-4af9-bcd8-07fff5c1618f.xml" />
	<File Url="assets\9868a02b-2d5f-4a8d-a1f7-f6f1a64cec99.xml" />
	<File Url="assets\98690952-0b7a-4b1f-bbee-3db1fa381f4f.xml" />
	<File Url="assets\99ae4ae7-1d65-4020-b26c-bfaf2df8ba6b.xml" />
	<File Url="assets\9d81b178-5fef-4b23-9dc7-e85f20bbf5d9.xml" />
	<File Url="assets\9fcdfb8b-6e47-4c72-b6f3-cb6e5fdb529f.xml" />
	<File Url="assets\a4c3ccd0-9ec1-4da5-982d-6e65877b5db3.xml" />
	<File Url="assets\aa9088cb-98f3-4c53-8270-09484edb997a.xml" />
	<File Url="assets\aaad90b0-4f52-46ca-9636-e05175e4aa78.xml" />
	<File Url="assets\b029858f-ef85-4cdd-a29c-06a9457f4365.xml" />
	<File Url="assets\b31c589e-5b17-42df-b7ad-041084dd2074.xml" />
	<File Url="assets\b8b120da-821c-45f1-86ee-d7303f6b500a.xml" />
	<File Url="assets\ba442eea-0e40-4936-bb3a-413993267098.xml" />
	<File Url="assets\c243c092-48c6-4073-9b19-b9c98c931582.xml" />
	<File Url="assets\c85aba54-dcb3-45be-b1bd-271d579da6fc.xml" />
	<File Url="assets\cc83aec7-e835-4b20-acbd-e40eac6764f2.xml" />
	<File Url="assets\ccd5048b-bdba-47b7-8658-9f8bbbcec7fb.xml" />
	<File Url="assets\cd103e5b-9da9-438d-a9b8-ed96384a17f2.xml" />
	<File Url="assets\d42aa5c6-4859-4f78-b001-dc067151521b.xml" />
	<File Url="assets\d43f0fad-14d0-4def-8440-631d6e8fe905.xml" />
	<File Url="assets\d857a0e4-9ae0-4ee0-84a1-13100e8e5948.xml" />
	<File Url="assets\d9626188-57c8-49b1-ad44-66e75119a5f9.xml" />
	<File Url="assets\dc5c6bc1-9537-456d-b168-faf78a66554f.xml" />
	<File Url="assets\dd07bae3-3af0-469b-adc8-84f78f4169e8.xml" />
	<File Url="assets\e3c300ca-1c4c-43a3-82d1-7e4b0860b7e2.xml" />
	<File Url="assets\e98f04c7-99c8-4816-a640-da8e73a14db3.xml" />
	<File Url="assets\ec590a1c-d105-4cf9-bf83-6606624c33db.xml" />
	<File Url="assets\ed344be2-ee6d-4a37-ac31-4f0b9763d04b.xml" />
	<File Url="assets\ee8441ab-55b4-4ce3-b658-d4e28320a010.xml" />
	<File Url="assets\f19cbe6e-7235-4613-90d0-6f7a3e8a6093.xml" />
	<File Url="assets\f4d3d872-6514-49fd-b8ed-1d725f74f0c1.xml" />
	<File Url="assets\f637c2d4-a8aa-4e7a-b437-86b8e3accc7f.xml" />
	<File Url="assets\f87bdc33-14b4-4832-b190-377f16d7e671.xml" />
	<File Url="assets\f9172bb1-6c9e-4e09-a1cb-6e6912459aee.xml" />
	<File Url="assets\ffe91987-ce8c-4caa-826a-fb26d9d3f23b.xml" />
</HelpFileList><?xml version="1.0" encoding="utf-8"?>
<VTopicSet DTDVersion="1.0" xmlns="http://schemas.microsoft.com/help/vtopic/2004/11">
	<Vtopic Url="assets\05d277a3-2b83-4951-a2fc-e2ca78a24f24.xml" RLTitle="Windows Firewall with Advanced Security Properties Page">
		<Attr Name="assetid" Value="05d277a3-2b83-4951-a2fc-e2ca78a24f24" />
		<Keyword Index="AssetId" Term="05d277a3-2b83-4951-a2fc-e2ca78a24f24" />
		<Keyword Index="AssetId" Term="05d277a3-2b83-4951-a2fc-e2ca78a24f241033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="05d277a3-2b83-4951-a2fc-e2ca78a24f24" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\06cbaf77-aa9d-4dec-b056-3dcd2616e4fa.xml" RLTitle="Dialog Box: Add or Edit IP Addresses">
		<Attr Name="assetid" Value="06cbaf77-aa9d-4dec-b056-3dcd2616e4fa" />
		<Keyword Index="AssetId" Term="06cbaf77-aa9d-4dec-b056-3dcd2616e4fa" />
		<Keyword Index="AssetId" Term="06cbaf77-aa9d-4dec-b056-3dcd2616e4fa1033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="06cbaf77-aa9d-4dec-b056-3dcd2616e4fa" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\0ec58789-26f0-47cd-9f43-aa6e7d52db10.xml" RLTitle="Connection Security Rule Property Page: General Tab">
		<Attr Name="assetid" Value="0ec58789-26f0-47cd-9f43-aa6e7d52db10" />
		<Keyword Index="AssetId" Term="0ec58789-26f0-47cd-9f43-aa6e7d52db10" />
		<Keyword Index="AssetId" Term="0ec58789-26f0-47cd-9f43-aa6e7d52db101033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="0ec58789-26f0-47cd-9f43-aa6e7d52db10" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\101488a1-9f62-4797-9330-4937c888e371.xml" RLTitle="Connection Security Rule Properties Page">
		<Attr Name="assetid" Value="101488a1-9f62-4797-9330-4937c888e371" />
		<Keyword Index="AssetId" Term="101488a1-9f62-4797-9330-4937c888e371" />
		<Keyword Index="AssetId" Term="101488a1-9f62-4797-9330-4937c888e3711033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="101488a1-9f62-4797-9330-4937c888e371" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\12452b6f-dce5-4515-bfdd-455f08c77e5a.xml" RLTitle="Connection Security Rule Wizard: Exempt Computers Page">
		<Attr Name="assetid" Value="12452b6f-dce5-4515-bfdd-455f08c77e5a" />
		<Keyword Index="AssetId" Term="12452b6f-dce5-4515-bfdd-455f08c77e5a" />
		<Keyword Index="AssetId" Term="12452b6f-dce5-4515-bfdd-455f08c77e5a1033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="12452b6f-dce5-4515-bfdd-455f08c77e5a" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\13da39e0-2a32-4ac4-a952-4391ae88c739.xml" RLTitle="Connection Security Rule Properties Page: Authentication Tab">
		<Attr Name="assetid" Value="13da39e0-2a32-4ac4-a952-4391ae88c739" />
		<Keyword Index="AssetId" Term="13da39e0-2a32-4ac4-a952-4391ae88c739" />
		<Keyword Index="AssetId" Term="13da39e0-2a32-4ac4-a952-4391ae88c7391033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="13da39e0-2a32-4ac4-a952-4391ae88c739" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\142a13a0-f0c4-4122-95d9-ecfb6f6391c4.xml" RLTitle="Firewall Rule Properties Page">
		<Attr Name="assetid" Value="142a13a0-f0c4-4122-95d9-ecfb6f6391c4" />
		<Keyword Index="AssetId" Term="142a13a0-f0c4-4122-95d9-ecfb6f6391c4" />
		<Keyword Index="AssetId" Term="142a13a0-f0c4-4122-95d9-ecfb6f6391c41033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="142a13a0-f0c4-4122-95d9-ecfb6f6391c4" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\14f25442-df7f-4c80-9ffc-b01781b2b246.xml" RLTitle="Firewall Rule Properties Page: Protocols and Ports Tab">
		<Attr Name="assetid" Value="14f25442-df7f-4c80-9ffc-b01781b2b246" />
		<Keyword Index="AssetId" Term="14f25442-df7f-4c80-9ffc-b01781b2b246" />
		<Keyword Index="AssetId" Term="14f25442-df7f-4c80-9ffc-b01781b2b2461033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="14f25442-df7f-4c80-9ffc-b01781b2b246" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\1826c5b4-7aa9-419a-a211-07542a5dcf1a.xml" RLTitle="Firewall Rule Wizard: Action Page">
		<Attr Name="assetid" Value="1826c5b4-7aa9-419a-a211-07542a5dcf1a" />
		<Keyword Index="AssetId" Term="1826c5b4-7aa9-419a-a211-07542a5dcf1a" />
		<Keyword Index="AssetId" Term="1826c5b4-7aa9-419a-a211-07542a5dcf1a1033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="1826c5b4-7aa9-419a-a211-07542a5dcf1a" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\18ddcbbd-4939-492c-a716-f1fccc468c18.xml" RLTitle="Connection Security Rule Wizard: Rule Type Page">
		<Attr Name="assetid" Value="18ddcbbd-4939-492c-a716-f1fccc468c18" />
		<Keyword Index="AssetId" Term="18ddcbbd-4939-492c-a716-f1fccc468c18" />
		<Keyword Index="AssetId" Term="18ddcbbd-4939-492c-a716-f1fccc468c181033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="18ddcbbd-4939-492c-a716-f1fccc468c18" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\1a70e8bc-19f3-4bd5-bba9-d04c432adbc6.xml" RLTitle="Overview of Windows Firewall with Advanced Security">
		<Attr Name="assetid" Value="1a70e8bc-19f3-4bd5-bba9-d04c432adbc6" />
		<Keyword Index="AssetId" Term="1a70e8bc-19f3-4bd5-bba9-d04c432adbc6" />
		<Keyword Index="AssetId" Term="1a70e8bc-19f3-4bd5-bba9-d04c432adbc61033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="1a70e8bc-19f3-4bd5-bba9-d04c432adbc6" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\1a81d9c6-f39f-4835-a00b-11d994247ca9.xml" RLTitle="Dialog Box: Customize Allow If Secure Settings">
		<Attr Name="assetid" Value="1a81d9c6-f39f-4835-a00b-11d994247ca9" />
		<Keyword Index="AssetId" Term="1a81d9c6-f39f-4835-a00b-11d994247ca9" />
		<Keyword Index="AssetId" Term="1a81d9c6-f39f-4835-a00b-11d994247ca91033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="1a81d9c6-f39f-4835-a00b-11d994247ca9" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\20b3aba6-884a-4ef9-8ea7-914e4cd735d9.xml" RLTitle="Monitored Firewall Rules Properties Page">
		<Attr Name="assetid" Value="20b3aba6-884a-4ef9-8ea7-914e4cd735d9" />
		<Keyword Index="AssetId" Term="20b3aba6-884a-4ef9-8ea7-914e4cd735d9" />
		<Keyword Index="AssetId" Term="20b3aba6-884a-4ef9-8ea7-914e4cd735d91033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="20b3aba6-884a-4ef9-8ea7-914e4cd735d9" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\226a35ae-cf87-4bd3-b4be-fab77930e6da.xml" RLTitle="Dialog Box: Add or Edit Integrity Algorithms">
		<Attr Name="assetid" Value="226a35ae-cf87-4bd3-b4be-fab77930e6da" />
		<Keyword Index="AssetId" Term="226a35ae-cf87-4bd3-b4be-fab77930e6da" />
		<Keyword Index="AssetId" Term="226a35ae-cf87-4bd3-b4be-fab77930e6da1033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="226a35ae-cf87-4bd3-b4be-fab77930e6da" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\2318ec3c-e196-4a43-9d79-70ca7c52194a.xml" RLTitle="Connection Security Rule Wizard">
		<Attr Name="assetid" Value="2318ec3c-e196-4a43-9d79-70ca7c52194a" />
		<Keyword Index="AssetId" Term="2318ec3c-e196-4a43-9d79-70ca7c52194a" />
		<Keyword Index="AssetId" Term="2318ec3c-e196-4a43-9d79-70ca7c52194a1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="2318ec3c-e196-4a43-9d79-70ca7c52194a" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\2adf4b4a-fbdb-4bfa-8e09-8648c986f4f0.xml" RLTitle="Firewall Rule Wizard: Protocol and Ports Page - Custom Rule Type">
		<Attr Name="assetid" Value="2adf4b4a-fbdb-4bfa-8e09-8648c986f4f0" />
		<Keyword Index="AssetId" Term="2adf4b4a-fbdb-4bfa-8e09-8648c986f4f0" />
		<Keyword Index="AssetId" Term="2adf4b4a-fbdb-4bfa-8e09-8648c986f4f01033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="2adf4b4a-fbdb-4bfa-8e09-8648c986f4f0" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\39e393da-18a6-4a1d-85d1-d9dcb46e3b93.xml" RLTitle="Monitored Main Mode Security Associations">
		<Attr Name="assetid" Value="39e393da-18a6-4a1d-85d1-d9dcb46e3b93" />
		<Keyword Index="AssetId" Term="39e393da-18a6-4a1d-85d1-d9dcb46e3b93" />
		<Keyword Index="AssetId" Term="39e393da-18a6-4a1d-85d1-d9dcb46e3b931033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="39e393da-18a6-4a1d-85d1-d9dcb46e3b93" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\40413516-c1ab-46b3-b62c-d165b434974b.xml" RLTitle="Monitoring Windows Firewall with Advanced Security">
		<Attr Name="assetid" Value="40413516-c1ab-46b3-b62c-d165b434974b" />
		<Keyword Index="AssetId" Term="40413516-c1ab-46b3-b62c-d165b434974b" />
		<Keyword Index="AssetId" Term="40413516-c1ab-46b3-b62c-d165b434974b1033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="40413516-c1ab-46b3-b62c-d165b434974b" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\41646515-247f-4ce4-a9fd-600bd90ae773.xml" RLTitle="Default Settings for Windows Firewall with Advanced Security">
		<Attr Name="assetid" Value="41646515-247f-4ce4-a9fd-600bd90ae773" />
		<Keyword Index="AssetId" Term="41646515-247f-4ce4-a9fd-600bd90ae773" />
		<Keyword Index="AssetId" Term="41646515-247f-4ce4-a9fd-600bd90ae7731033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="41646515-247f-4ce4-a9fd-600bd90ae773" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\5147487b-bb6a-40e4-b8ee-f263c52bee24.xml" RLTitle="Firewall Rule Properties Page: General Tab">
		<Attr Name="assetid" Value="5147487b-bb6a-40e4-b8ee-f263c52bee24" />
		<Keyword Index="AssetId" Term="5147487b-bb6a-40e4-b8ee-f263c52bee24" />
		<Keyword Index="AssetId" Term="5147487b-bb6a-40e4-b8ee-f263c52bee241033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="5147487b-bb6a-40e4-b8ee-f263c52bee24" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\52a543f3-3baa-42d9-8614-25293d0e3f62.xml" RLTitle="Monitor Firewall Rules - General">
		<Attr Name="assetid" Value="52a543f3-3baa-42d9-8614-25293d0e3f62" />
		<Keyword Index="AssetId" Term="52a543f3-3baa-42d9-8614-25293d0e3f62" />
		<Keyword Index="AssetId" Term="52a543f3-3baa-42d9-8614-25293d0e3f621033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="52a543f3-3baa-42d9-8614-25293d0e3f62" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\53d4595a-b6b0-4133-be9e-03dcecef56e6.xml" RLTitle="Monitor Connection Security Rules - Authentication">
		<Attr Name="assetid" Value="53d4595a-b6b0-4133-be9e-03dcecef56e6" />
		<Keyword Index="AssetId" Term="53d4595a-b6b0-4133-be9e-03dcecef56e6" />
		<Keyword Index="AssetId" Term="53d4595a-b6b0-4133-be9e-03dcecef56e61033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="53d4595a-b6b0-4133-be9e-03dcecef56e6" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\53df2676-ea86-4670-8f48-b113383a0992.xml" RLTitle="Firewall Rule Properties Page: Users Tab">
		<Attr Name="assetid" Value="53df2676-ea86-4670-8f48-b113383a0992" />
		<Keyword Index="AssetId" Term="53df2676-ea86-4670-8f48-b113383a0992" />
		<Keyword Index="AssetId" Term="53df2676-ea86-4670-8f48-b113383a09921033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="53df2676-ea86-4670-8f48-b113383a0992" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\55215ddc-b9aa-4bac-9ec2-d5da5cb3932c.xml" RLTitle="Dialog Box: Customize Settings for a Firewall Profile">
		<Attr Name="assetid" Value="55215ddc-b9aa-4bac-9ec2-d5da5cb3932c" />
		<Keyword Index="AssetId" Term="55215ddc-b9aa-4bac-9ec2-d5da5cb3932c" />
		<Keyword Index="AssetId" Term="55215ddc-b9aa-4bac-9ec2-d5da5cb3932c1033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="55215ddc-b9aa-4bac-9ec2-d5da5cb3932c" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\5886c961-2f7a-46f9-928b-2b906f2c354a.xml" RLTitle="Firewall Rule Wizard">
		<Attr Name="assetid" Value="5886c961-2f7a-46f9-928b-2b906f2c354a" />
		<Keyword Index="AssetId" Term="5886c961-2f7a-46f9-928b-2b906f2c354a" />
		<Keyword Index="AssetId" Term="5886c961-2f7a-46f9-928b-2b906f2c354a1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="5886c961-2f7a-46f9-928b-2b906f2c354a" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\58a40682-63b1-493a-9d97-940532cbbcd8.xml" RLTitle="Dialog Box: Customize Logging Settings for a Firewall Profile">
		<Attr Name="assetid" Value="58a40682-63b1-493a-9d97-940532cbbcd8" />
		<Keyword Index="AssetId" Term="58a40682-63b1-493a-9d97-940532cbbcd8" />
		<Keyword Index="AssetId" Term="58a40682-63b1-493a-9d97-940532cbbcd81033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="58a40682-63b1-493a-9d97-940532cbbcd8" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\5918d117-66c3-4f58-8680-a5a822c40dc7.xml" RLTitle="Dialog Box: Customize Interface Types">
		<Attr Name="assetid" Value="5918d117-66c3-4f58-8680-a5a822c40dc7" />
		<Keyword Index="AssetId" Term="5918d117-66c3-4f58-8680-a5a822c40dc7" />
		<Keyword Index="AssetId" Term="5918d117-66c3-4f58-8680-a5a822c40dc71033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="5918d117-66c3-4f58-8680-a5a822c40dc7" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\5aaa1ce1-0a0e-4686-a4cf-d63cb0a351da.xml" RLTitle="Firewall Rule Wizard: Computers Page">
		<Attr Name="assetid" Value="5aaa1ce1-0a0e-4686-a4cf-d63cb0a351da" />
		<Keyword Index="AssetId" Term="5aaa1ce1-0a0e-4686-a4cf-d63cb0a351da" />
		<Keyword Index="AssetId" Term="5aaa1ce1-0a0e-4686-a4cf-d63cb0a351da1033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="5aaa1ce1-0a0e-4686-a4cf-d63cb0a351da" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\5ca392ca-aece-4319-90c5-80544a29b8e9.xml" RLTitle="Monitor Connection Security Rules - General">
		<Attr Name="assetid" Value="5ca392ca-aece-4319-90c5-80544a29b8e9" />
		<Keyword Index="AssetId" Term="5ca392ca-aece-4319-90c5-80544a29b8e9" />
		<Keyword Index="AssetId" Term="5ca392ca-aece-4319-90c5-80544a29b8e91033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="5ca392ca-aece-4319-90c5-80544a29b8e9" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\60324d03-97f8-4aa5-864b-af205ebff02b.xml" RLTitle="Windows Firewall with Advanced Security">
		<Attr Name="assetid" Value="60324d03-97f8-4aa5-864b-af205ebff02b" />
		<Keyword Index="AssetId" Term="60324d03-97f8-4aa5-864b-af205ebff02b" />
		<Keyword Index="AssetId" Term="60324d03-97f8-4aa5-864b-af205ebff02b1033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="60324d03-97f8-4aa5-864b-af205ebff02b" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="relatedAssets\52c6db15-ed4e-415c-a077-ce2a57486732.gif">
		<Keyword Index="AssetId" Term="52c6db15-ed4e-415c-a077-ce2a57486732" />
	</Vtopic>
	<Vtopic Url="assets\63138fa3-9f09-4684-89cb-c44306ee3763.xml" RLTitle="Connection Security Rule Wizard: Tunnel Endpoints Page - Client-to-Gateway">
		<Attr Name="assetid" Value="63138fa3-9f09-4684-89cb-c44306ee3763" />
		<Keyword Index="AssetId" Term="63138fa3-9f09-4684-89cb-c44306ee3763" />
		<Keyword Index="AssetId" Term="63138fa3-9f09-4684-89cb-c44306ee37631033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="63138fa3-9f09-4684-89cb-c44306ee3763" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\66011489-1eee-4986-9373-565e557db23b.xml" RLTitle="Dialog Box: Customize IPsec Settings">
		<Attr Name="assetid" Value="66011489-1eee-4986-9373-565e557db23b" />
		<Keyword Index="AssetId" Term="66011489-1eee-4986-9373-565e557db23b" />
		<Keyword Index="AssetId" Term="66011489-1eee-4986-9373-565e557db23b1033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="66011489-1eee-4986-9373-565e557db23b" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\6a710a38-a254-4a80-9a53-6ea2e0816d24.xml" RLTitle="Connection Security Rule Wizard: Requirements Page">
		<Attr Name="assetid" Value="6a710a38-a254-4a80-9a53-6ea2e0816d24" />
		<Keyword Index="AssetId" Term="6a710a38-a254-4a80-9a53-6ea2e0816d24" />
		<Keyword Index="AssetId" Term="6a710a38-a254-4a80-9a53-6ea2e0816d241033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="6a710a38-a254-4a80-9a53-6ea2e0816d24" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="relatedAssets\35a693e7-9134-418a-9c80-17f6d60c08e6.gif">
		<Keyword Index="AssetId" Term="35a693e7-9134-418a-9c80-17f6d60c08e6" />
	</Vtopic>
	<Vtopic Url="assets\70d0c763-d3a3-486d-9f91-e213831f2485.xml" RLTitle="Connection Security Rule Wizard: Tunnel Endpoints Page - Gateway-to-Client">
		<Attr Name="assetid" Value="70d0c763-d3a3-486d-9f91-e213831f2485" />
		<Keyword Index="AssetId" Term="70d0c763-d3a3-486d-9f91-e213831f2485" />
		<Keyword Index="AssetId" Term="70d0c763-d3a3-486d-9f91-e213831f24851033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="70d0c763-d3a3-486d-9f91-e213831f2485" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\710fa446-c600-4691-ae28-37a9824fb95d.xml" RLTitle="Connection Security Rule Wizard: Tunnel Type Page">
		<Attr Name="assetid" Value="710fa446-c600-4691-ae28-37a9824fb95d" />
		<Keyword Index="AssetId" Term="710fa446-c600-4691-ae28-37a9824fb95d" />
		<Keyword Index="AssetId" Term="710fa446-c600-4691-ae28-37a9824fb95d1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="710fa446-c600-4691-ae28-37a9824fb95d" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\71ea19d0-e57f-4828-923a-632cdb208aad.xml" RLTitle="Dialog Boxes">
		<Attr Name="assetid" Value="71ea19d0-e57f-4828-923a-632cdb208aad" />
		<Keyword Index="AssetId" Term="71ea19d0-e57f-4828-923a-632cdb208aad" />
		<Keyword Index="AssetId" Term="71ea19d0-e57f-4828-923a-632cdb208aad1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="71ea19d0-e57f-4828-923a-632cdb208aad" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\7e24b5a1-742d-4247-b86d-db9e097dee4e.xml" RLTitle="Dialog Box: Customize Service Settings">
		<Attr Name="assetid" Value="7e24b5a1-742d-4247-b86d-db9e097dee4e" />
		<Keyword Index="AssetId" Term="7e24b5a1-742d-4247-b86d-db9e097dee4e" />
		<Keyword Index="AssetId" Term="7e24b5a1-742d-4247-b86d-db9e097dee4e1033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="7e24b5a1-742d-4247-b86d-db9e097dee4e" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\8039b8d4-e87b-4aac-9c09-6a34cc73f1b6.xml" RLTitle="Connection Security Rule Wizard: Endpoints Page">
		<Attr Name="assetid" Value="8039b8d4-e87b-4aac-9c09-6a34cc73f1b6" />
		<Keyword Index="AssetId" Term="8039b8d4-e87b-4aac-9c09-6a34cc73f1b6" />
		<Keyword Index="AssetId" Term="8039b8d4-e87b-4aac-9c09-6a34cc73f1b61033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="8039b8d4-e87b-4aac-9c09-6a34cc73f1b6" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="relatedAssets\64ce07a8-52a2-4d69-a392-2cae596fef27.gif">
		<Keyword Index="AssetId" Term="64ce07a8-52a2-4d69-a392-2cae596fef27" />
	</Vtopic>
	<Vtopic Url="assets\85c69539-f0c0-474c-9860-d220293ab2d6.xml" RLTitle="Connection Security Rule Wizard: Tunnel Endpoints Page - Custom Configuration">
		<Attr Name="assetid" Value="85c69539-f0c0-474c-9860-d220293ab2d6" />
		<Keyword Index="AssetId" Term="85c69539-f0c0-474c-9860-d220293ab2d6" />
		<Keyword Index="AssetId" Term="85c69539-f0c0-474c-9860-d220293ab2d61033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="85c69539-f0c0-474c-9860-d220293ab2d6" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\8a0b490a-db5e-420f-8990-d0e30a17bc1a.xml" RLTitle="Dialog Box: Customize ICMP Settings">
		<Attr Name="assetid" Value="8a0b490a-db5e-420f-8990-d0e30a17bc1a" />
		<Keyword Index="AssetId" Term="8a0b490a-db5e-420f-8990-d0e30a17bc1a" />
		<Keyword Index="AssetId" Term="8a0b490a-db5e-420f-8990-d0e30a17bc1a1033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="8a0b490a-db5e-420f-8990-d0e30a17bc1a" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\8b29e655-9fb1-4ba5-a701-30812af59d2e.xml" RLTitle="Firewall Rule Wizard: Predefined Rules Page">
		<Attr Name="assetid" Value="8b29e655-9fb1-4ba5-a701-30812af59d2e" />
		<Keyword Index="AssetId" Term="8b29e655-9fb1-4ba5-a701-30812af59d2e" />
		<Keyword Index="AssetId" Term="8b29e655-9fb1-4ba5-a701-30812af59d2e1033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="8b29e655-9fb1-4ba5-a701-30812af59d2e" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\8c965889-6e37-4ad0-b41d-4f98bed709ad.xml" RLTitle="Monitored Quick Mode Security Associations">
		<Attr Name="assetid" Value="8c965889-6e37-4ad0-b41d-4f98bed709ad" />
		<Keyword Index="AssetId" Term="8c965889-6e37-4ad0-b41d-4f98bed709ad" />
		<Keyword Index="AssetId" Term="8c965889-6e37-4ad0-b41d-4f98bed709ad1033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="8c965889-6e37-4ad0-b41d-4f98bed709ad" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\950c636f-f858-4852-8a78-b3222cd57bff.xml" RLTitle="Firewall Rule Properties Page: Scope Tab">
		<Attr Name="assetid" Value="950c636f-f858-4852-8a78-b3222cd57bff" />
		<Keyword Index="AssetId" Term="950c636f-f858-4852-8a78-b3222cd57bff" />
		<Keyword Index="AssetId" Term="950c636f-f858-4852-8a78-b3222cd57bff1033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="950c636f-f858-4852-8a78-b3222cd57bff" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\97e94c49-45b2-4af9-bcd8-07fff5c1618f.xml" RLTitle="Connection Security Rule Properties Page: Computers Tab">
		<Attr Name="assetid" Value="97e94c49-45b2-4af9-bcd8-07fff5c1618f" />
		<Keyword Index="AssetId" Term="97e94c49-45b2-4af9-bcd8-07fff5c1618f" />
		<Keyword Index="AssetId" Term="97e94c49-45b2-4af9-bcd8-07fff5c1618f1033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="97e94c49-45b2-4af9-bcd8-07fff5c1618f" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\9868a02b-2d5f-4a8d-a1f7-f6f1a64cec99.xml" RLTitle="Understanding Firewall Rules">
		<Attr Name="assetid" Value="9868a02b-2d5f-4a8d-a1f7-f6f1a64cec99" />
		<Keyword Index="AssetId" Term="9868a02b-2d5f-4a8d-a1f7-f6f1a64cec99" />
		<Keyword Index="AssetId" Term="9868a02b-2d5f-4a8d-a1f7-f6f1a64cec991033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="9868a02b-2d5f-4a8d-a1f7-f6f1a64cec99" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\98690952-0b7a-4b1f-bbee-3db1fa381f4f.xml" RLTitle="Firewall Rule Wizard: Profile Page">
		<Attr Name="assetid" Value="98690952-0b7a-4b1f-bbee-3db1fa381f4f" />
		<Keyword Index="AssetId" Term="98690952-0b7a-4b1f-bbee-3db1fa381f4f" />
		<Keyword Index="AssetId" Term="98690952-0b7a-4b1f-bbee-3db1fa381f4f1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="98690952-0b7a-4b1f-bbee-3db1fa381f4f" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\99ae4ae7-1d65-4020-b26c-bfaf2df8ba6b.xml" RLTitle="Monitor Firewall Rules - Programs and Ports Page">
		<Attr Name="assetid" Value="99ae4ae7-1d65-4020-b26c-bfaf2df8ba6b" />
		<Keyword Index="AssetId" Term="99ae4ae7-1d65-4020-b26c-bfaf2df8ba6b" />
		<Keyword Index="AssetId" Term="99ae4ae7-1d65-4020-b26c-bfaf2df8ba6b1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="99ae4ae7-1d65-4020-b26c-bfaf2df8ba6b" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\9d81b178-5fef-4b23-9dc7-e85f20bbf5d9.xml" RLTitle="Monitored Connection Security Rules Properties Page">
		<Attr Name="assetid" Value="9d81b178-5fef-4b23-9dc7-e85f20bbf5d9" />
		<Keyword Index="AssetId" Term="9d81b178-5fef-4b23-9dc7-e85f20bbf5d9" />
		<Keyword Index="AssetId" Term="9d81b178-5fef-4b23-9dc7-e85f20bbf5d91033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="9d81b178-5fef-4b23-9dc7-e85f20bbf5d9" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\9fcdfb8b-6e47-4c72-b6f3-cb6e5fdb529f.xml" RLTitle="Connection Security Rule Wizard: Profile Page">
		<Attr Name="assetid" Value="9fcdfb8b-6e47-4c72-b6f3-cb6e5fdb529f" />
		<Keyword Index="AssetId" Term="9fcdfb8b-6e47-4c72-b6f3-cb6e5fdb529f" />
		<Keyword Index="AssetId" Term="9fcdfb8b-6e47-4c72-b6f3-cb6e5fdb529f1033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="9fcdfb8b-6e47-4c72-b6f3-cb6e5fdb529f" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\a4c3ccd0-9ec1-4da5-982d-6e65877b5db3.xml" RLTitle="Dialog Box: Customize Protected Network Connections for a Firewall Profile">
		<Attr Name="assetid" Value="a4c3ccd0-9ec1-4da5-982d-6e65877b5db3" />
		<Keyword Index="AssetId" Term="a4c3ccd0-9ec1-4da5-982d-6e65877b5db3" />
		<Keyword Index="AssetId" Term="a4c3ccd0-9ec1-4da5-982d-6e65877b5db31033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="a4c3ccd0-9ec1-4da5-982d-6e65877b5db3" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\aa9088cb-98f3-4c53-8270-09484edb997a.xml" RLTitle="Understanding Firewall Profiles">
		<Attr Name="assetid" Value="aa9088cb-98f3-4c53-8270-09484edb997a" />
		<Keyword Index="AssetId" Term="aa9088cb-98f3-4c53-8270-09484edb997a" />
		<Keyword Index="AssetId" Term="aa9088cb-98f3-4c53-8270-09484edb997a1033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="aa9088cb-98f3-4c53-8270-09484edb997a" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\aaad90b0-4f52-46ca-9636-e05175e4aa78.xml" RLTitle="Dialog Box: Customize Advanced Key Exchange Settings">
		<Attr Name="assetid" Value="aaad90b0-4f52-46ca-9636-e05175e4aa78" />
		<Keyword Index="AssetId" Term="aaad90b0-4f52-46ca-9636-e05175e4aa78" />
		<Keyword Index="AssetId" Term="aaad90b0-4f52-46ca-9636-e05175e4aa781033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="aaad90b0-4f52-46ca-9636-e05175e4aa78" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\b029858f-ef85-4cdd-a29c-06a9457f4365.xml" RLTitle="Firewall Rule Wizard: Protocol and Ports Page - Port Rule Type">
		<Attr Name="assetid" Value="b029858f-ef85-4cdd-a29c-06a9457f4365" />
		<Keyword Index="AssetId" Term="b029858f-ef85-4cdd-a29c-06a9457f4365" />
		<Keyword Index="AssetId" Term="b029858f-ef85-4cdd-a29c-06a9457f43651033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="b029858f-ef85-4cdd-a29c-06a9457f4365" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\b31c589e-5b17-42df-b7ad-041084dd2074.xml" RLTitle="Dialog Box: Add or Edit Integrity and Encryption Algorithms">
		<Attr Name="assetid" Value="b31c589e-5b17-42df-b7ad-041084dd2074" />
		<Keyword Index="AssetId" Term="b31c589e-5b17-42df-b7ad-041084dd2074" />
		<Keyword Index="AssetId" Term="b31c589e-5b17-42df-b7ad-041084dd20741033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="b31c589e-5b17-42df-b7ad-041084dd2074" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\b8b120da-821c-45f1-86ee-d7303f6b500a.xml" RLTitle="Firewall Rule Properties Page: Advanced Tab">
		<Attr Name="assetid" Value="b8b120da-821c-45f1-86ee-d7303f6b500a" />
		<Keyword Index="AssetId" Term="b8b120da-821c-45f1-86ee-d7303f6b500a" />
		<Keyword Index="AssetId" Term="b8b120da-821c-45f1-86ee-d7303f6b500a1033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="b8b120da-821c-45f1-86ee-d7303f6b500a" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\ba442eea-0e40-4936-bb3a-413993267098.xml" RLTitle="Firewall Rule Wizard: Program Page">
		<Attr Name="assetid" Value="ba442eea-0e40-4936-bb3a-413993267098" />
		<Keyword Index="AssetId" Term="ba442eea-0e40-4936-bb3a-413993267098" />
		<Keyword Index="AssetId" Term="ba442eea-0e40-4936-bb3a-4139932670981033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="ba442eea-0e40-4936-bb3a-413993267098" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\c243c092-48c6-4073-9b19-b9c98c931582.xml" RLTitle="User Interface: Windows Firewall with Advanced Security">
		<Attr Name="assetid" Value="c243c092-48c6-4073-9b19-b9c98c931582" />
		<Keyword Index="AssetId" Term="c243c092-48c6-4073-9b19-b9c98c931582" />
		<Keyword Index="AssetId" Term="c243c092-48c6-4073-9b19-b9c98c9315821033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="c243c092-48c6-4073-9b19-b9c98c931582" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\c85aba54-dcb3-45be-b1bd-271d579da6fc.xml" RLTitle="Firewall Rule Wizard: Users Page">
		<Attr Name="assetid" Value="c85aba54-dcb3-45be-b1bd-271d579da6fc" />
		<Keyword Index="AssetId" Term="c85aba54-dcb3-45be-b1bd-271d579da6fc" />
		<Keyword Index="AssetId" Term="c85aba54-dcb3-45be-b1bd-271d579da6fc1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="c85aba54-dcb3-45be-b1bd-271d579da6fc" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\cc83aec7-e835-4b20-acbd-e40eac6764f2.xml" RLTitle="Firewall Rule Wizard: Scope Page">
		<Attr Name="assetid" Value="cc83aec7-e835-4b20-acbd-e40eac6764f2" />
		<Keyword Index="AssetId" Term="cc83aec7-e835-4b20-acbd-e40eac6764f2" />
		<Keyword Index="AssetId" Term="cc83aec7-e835-4b20-acbd-e40eac6764f21033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="cc83aec7-e835-4b20-acbd-e40eac6764f2" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\ccd5048b-bdba-47b7-8658-9f8bbbcec7fb.xml" RLTitle="Firewall Rule Properties Page: Computers Tab">
		<Attr Name="assetid" Value="ccd5048b-bdba-47b7-8658-9f8bbbcec7fb" />
		<Keyword Index="AssetId" Term="ccd5048b-bdba-47b7-8658-9f8bbbcec7fb" />
		<Keyword Index="AssetId" Term="ccd5048b-bdba-47b7-8658-9f8bbbcec7fb1033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="ccd5048b-bdba-47b7-8658-9f8bbbcec7fb" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\cd103e5b-9da9-438d-a9b8-ed96384a17f2.xml" RLTitle="Dialog Box: Customize IPsec Tunneling Settings">
		<Attr Name="assetid" Value="cd103e5b-9da9-438d-a9b8-ed96384a17f2" />
		<Keyword Index="AssetId" Term="cd103e5b-9da9-438d-a9b8-ed96384a17f2" />
		<Keyword Index="AssetId" Term="cd103e5b-9da9-438d-a9b8-ed96384a17f21033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="cd103e5b-9da9-438d-a9b8-ed96384a17f2" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\d42aa5c6-4859-4f78-b001-dc067151521b.xml" RLTitle="Dialog Box: Add Security Method">
		<Attr Name="assetid" Value="d42aa5c6-4859-4f78-b001-dc067151521b" />
		<Keyword Index="AssetId" Term="d42aa5c6-4859-4f78-b001-dc067151521b" />
		<Keyword Index="AssetId" Term="d42aa5c6-4859-4f78-b001-dc067151521b1033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="d42aa5c6-4859-4f78-b001-dc067151521b" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\d43f0fad-14d0-4def-8440-631d6e8fe905.xml" RLTitle="Connection Security Rule Wizard: Authentication Method Page">
		<Attr Name="assetid" Value="d43f0fad-14d0-4def-8440-631d6e8fe905" />
		<Keyword Index="AssetId" Term="d43f0fad-14d0-4def-8440-631d6e8fe905" />
		<Keyword Index="AssetId" Term="d43f0fad-14d0-4def-8440-631d6e8fe9051033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="d43f0fad-14d0-4def-8440-631d6e8fe905" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\d857a0e4-9ae0-4ee0-84a1-13100e8e5948.xml" RLTitle="Monitor Firewall Rules - Advanced">
		<Attr Name="assetid" Value="d857a0e4-9ae0-4ee0-84a1-13100e8e5948" />
		<Keyword Index="AssetId" Term="d857a0e4-9ae0-4ee0-84a1-13100e8e5948" />
		<Keyword Index="AssetId" Term="d857a0e4-9ae0-4ee0-84a1-13100e8e59481033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="d857a0e4-9ae0-4ee0-84a1-13100e8e5948" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\d9626188-57c8-49b1-ad44-66e75119a5f9.xml" RLTitle="Connection Security Rule Properties Page: Protocols and Ports Tab">
		<Attr Name="assetid" Value="d9626188-57c8-49b1-ad44-66e75119a5f9" />
		<Keyword Index="AssetId" Term="d9626188-57c8-49b1-ad44-66e75119a5f9" />
		<Keyword Index="AssetId" Term="d9626188-57c8-49b1-ad44-66e75119a5f91033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="d9626188-57c8-49b1-ad44-66e75119a5f9" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\dc5c6bc1-9537-456d-b168-faf78a66554f.xml" RLTitle="Firewall Rule Wizard: Rule Type Page">
		<Attr Name="assetid" Value="dc5c6bc1-9537-456d-b168-faf78a66554f" />
		<Keyword Index="AssetId" Term="dc5c6bc1-9537-456d-b168-faf78a66554f" />
		<Keyword Index="AssetId" Term="dc5c6bc1-9537-456d-b168-faf78a66554f1033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="dc5c6bc1-9537-456d-b168-faf78a66554f" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\dd07bae3-3af0-469b-adc8-84f78f4169e8.xml" RLTitle="Dialog Box: Add or Edit Second Authentication Method">
		<Attr Name="assetid" Value="dd07bae3-3af0-469b-adc8-84f78f4169e8" />
		<Keyword Index="AssetId" Term="dd07bae3-3af0-469b-adc8-84f78f4169e8" />
		<Keyword Index="AssetId" Term="dd07bae3-3af0-469b-adc8-84f78f4169e81033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="dd07bae3-3af0-469b-adc8-84f78f4169e8" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\e3c300ca-1c4c-43a3-82d1-7e4b0860b7e2.xml" RLTitle="Understanding Connection Security Rules">
		<Attr Name="assetid" Value="e3c300ca-1c4c-43a3-82d1-7e4b0860b7e2" />
		<Keyword Index="AssetId" Term="e3c300ca-1c4c-43a3-82d1-7e4b0860b7e2" />
		<Keyword Index="AssetId" Term="e3c300ca-1c4c-43a3-82d1-7e4b0860b7e21033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="e3c300ca-1c4c-43a3-82d1-7e4b0860b7e2" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\e98f04c7-99c8-4816-a640-da8e73a14db3.xml" RLTitle="Connection Security Rule Wizard: Protocols and Ports Page">
		<Attr Name="assetid" Value="e98f04c7-99c8-4816-a640-da8e73a14db3" />
		<Keyword Index="AssetId" Term="e98f04c7-99c8-4816-a640-da8e73a14db3" />
		<Keyword Index="AssetId" Term="e98f04c7-99c8-4816-a640-da8e73a14db31033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="e98f04c7-99c8-4816-a640-da8e73a14db3" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\ec590a1c-d105-4cf9-bf83-6606624c33db.xml" RLTitle="Connection Security Rule Properties Page: Advanced Tab">
		<Attr Name="assetid" Value="ec590a1c-d105-4cf9-bf83-6606624c33db" />
		<Keyword Index="AssetId" Term="ec590a1c-d105-4cf9-bf83-6606624c33db" />
		<Keyword Index="AssetId" Term="ec590a1c-d105-4cf9-bf83-6606624c33db1033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="ec590a1c-d105-4cf9-bf83-6606624c33db" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\ed344be2-ee6d-4a37-ac31-4f0b9763d04b.xml" RLTitle="Monitor Connection Security Rules - Advanced">
		<Attr Name="assetid" Value="ed344be2-ee6d-4a37-ac31-4f0b9763d04b" />
		<Keyword Index="AssetId" Term="ed344be2-ee6d-4a37-ac31-4f0b9763d04b" />
		<Keyword Index="AssetId" Term="ed344be2-ee6d-4a37-ac31-4f0b9763d04b1033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="ed344be2-ee6d-4a37-ac31-4f0b9763d04b" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\ee8441ab-55b4-4ce3-b658-d4e28320a010.xml" RLTitle="Firewall Rule Properties Page: Programs and Services Tab">
		<Attr Name="assetid" Value="ee8441ab-55b4-4ce3-b658-d4e28320a010" />
		<Keyword Index="AssetId" Term="ee8441ab-55b4-4ce3-b658-d4e28320a010" />
		<Keyword Index="AssetId" Term="ee8441ab-55b4-4ce3-b658-d4e28320a0101033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="ee8441ab-55b4-4ce3-b658-d4e28320a010" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\f19cbe6e-7235-4613-90d0-6f7a3e8a6093.xml" RLTitle="Dialog Box: Customize Advanced Authentication Methods">
		<Attr Name="assetid" Value="f19cbe6e-7235-4613-90d0-6f7a3e8a6093" />
		<Keyword Index="AssetId" Term="f19cbe6e-7235-4613-90d0-6f7a3e8a6093" />
		<Keyword Index="AssetId" Term="f19cbe6e-7235-4613-90d0-6f7a3e8a60931033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="f19cbe6e-7235-4613-90d0-6f7a3e8a6093" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\f4d3d872-6514-49fd-b8ed-1d725f74f0c1.xml" RLTitle="Dialog Box: Customize Data Protection Settings">
		<Attr Name="assetid" Value="f4d3d872-6514-49fd-b8ed-1d725f74f0c1" />
		<Keyword Index="AssetId" Term="f4d3d872-6514-49fd-b8ed-1d725f74f0c1" />
		<Keyword Index="AssetId" Term="f4d3d872-6514-49fd-b8ed-1d725f74f0c11033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="f4d3d872-6514-49fd-b8ed-1d725f74f0c1" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\f637c2d4-a8aa-4e7a-b437-86b8e3accc7f.xml" RLTitle="Dialog Box: Customize IPsec Tunnel Authorization">
		<Attr Name="assetid" Value="f637c2d4-a8aa-4e7a-b437-86b8e3accc7f" />
		<Keyword Index="AssetId" Term="f637c2d4-a8aa-4e7a-b437-86b8e3accc7f" />
		<Keyword Index="AssetId" Term="f637c2d4-a8aa-4e7a-b437-86b8e3accc7f1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="f637c2d4-a8aa-4e7a-b437-86b8e3accc7f" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\f87bdc33-14b4-4832-b190-377f16d7e671.xml" RLTitle="Configuring Firewall Rules">
		<Attr Name="assetid" Value="f87bdc33-14b4-4832-b190-377f16d7e671" />
		<Keyword Index="AssetId" Term="f87bdc33-14b4-4832-b190-377f16d7e671" />
		<Keyword Index="AssetId" Term="f87bdc33-14b4-4832-b190-377f16d7e6711033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="f87bdc33-14b4-4832-b190-377f16d7e671" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\f9172bb1-6c9e-4e09-a1cb-6e6912459aee.xml" RLTitle="Dialog Box: Add or Edit First Authentication Method">
		<Attr Name="assetid" Value="f9172bb1-6c9e-4e09-a1cb-6e6912459aee" />
		<Keyword Index="AssetId" Term="f9172bb1-6c9e-4e09-a1cb-6e6912459aee" />
		<Keyword Index="AssetId" Term="f9172bb1-6c9e-4e09-a1cb-6e6912459aee1033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="f9172bb1-6c9e-4e09-a1cb-6e6912459aee" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\ffe91987-ce8c-4caa-826a-fb26d9d3f23b.xml" RLTitle="Resources for Windows Firewall with Advanced Security">
		<Attr Name="assetid" Value="ffe91987-ce8c-4caa-826a-fb26d9d3f23b" />
		<Keyword Index="AssetId" Term="ffe91987-ce8c-4caa-826a-fb26d9d3f23b" />
		<Keyword Index="AssetId" Term="ffe91987-ce8c-4caa-826a-fb26d9d3f23b1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1782" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="ffe91987-ce8c-4caa-826a-fb26d9d3f23b" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
</VTopicSet><?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE HelpTOC>
<HelpTOC xmlns="http://schemas.microsoft.com/help/toc/2004/11" DTDVersion="1.0" Id="authfw_TOC" FileVersion="" LangId="1033" ParentNodeIcon="Book" PluginStyle="Hierarchical">
	<HelpTOCNode Url="mshelp://windows/?tocid=88bf7139-6cc1-4c1d-8634-4d454fffa043" Title="">
		<HelpTOCNode Url="mshelp://windows/?id=60324d03-97f8-4aa5-864b-af205ebff02b" Title="Windows Firewall with Advanced Security">
			<HelpTOCNode Url="mshelp://windows/?id=1a70e8bc-19f3-4bd5-bba9-d04c432adbc6" Title="Overview of Windows Firewall with Advanced Security" />
			<HelpTOCNode Url="mshelp://windows/?id=9868a02b-2d5f-4a8d-a1f7-f6f1a64cec99" Title="Understanding Firewall Rules" />
			<HelpTOCNode Url="mshelp://windows/?id=e3c300ca-1c4c-43a3-82d1-7e4b0860b7e2" Title="Understanding Connection Security Rules" />
			<HelpTOCNode Url="mshelp://windows/?id=aa9088cb-98f3-4c53-8270-09484edb997a" Title="Understanding Firewall Profiles" />
			<HelpTOCNode Url="mshelp://windows/?id=40413516-c1ab-46b3-b62c-d165b434974b" Title="Monitoring Windows Firewall with Advanced Security" />
			<HelpTOCNode Url="mshelp://windows/?id=41646515-247f-4ce4-a9fd-600bd90ae773" Title="Default Settings for Windows Firewall with Advanced Security" />
			<HelpTOCNode Url="mshelp://windows/?id=f87bdc33-14b4-4832-b190-377f16d7e671" Title="Configuring Firewall Rules" />
			<HelpTOCNode Url="mshelp://windows/?id=ffe91987-ce8c-4caa-826a-fb26d9d3f23b" Title="Resources for Windows Firewall with Advanced Security" />
			<HelpTOCNode Url="mshelp://windows/?id=c243c092-48c6-4073-9b19-b9c98c931582" Title="User Interface: Windows Firewall with Advanced Security">
				<HelpTOCNode Url="mshelp://windows/?id=05d277a3-2b83-4951-a2fc-e2ca78a24f24" Title="Windows Firewall with Advanced Security Properties Page" />
				<HelpTOCNode Url="mshelp://windows/?id=2318ec3c-e196-4a43-9d79-70ca7c52194a" Title="Connection Security Rule Wizard">
					<HelpTOCNode Url="mshelp://windows/?id=18ddcbbd-4939-492c-a716-f1fccc468c18" Title="Connection Security Rule Wizard: Rule Type Page" />
					<HelpTOCNode Url="mshelp://windows/?id=8039b8d4-e87b-4aac-9c09-6a34cc73f1b6" Title="Connection Security Rule Wizard: Endpoints Page" />
					<HelpTOCNode Url="mshelp://windows/?id=6a710a38-a254-4a80-9a53-6ea2e0816d24" Title="Connection Security Rule Wizard: Requirements Page" />
					<HelpTOCNode Url="mshelp://windows/?id=d43f0fad-14d0-4def-8440-631d6e8fe905" Title="Connection Security Rule Wizard: Authentication Method Page" />
					<HelpTOCNode Url="mshelp://windows/?id=e98f04c7-99c8-4816-a640-da8e73a14db3" Title="Connection Security Rule Wizard: Protocols and Ports Page" />
					<HelpTOCNode Url="mshelp://windows/?id=12452b6f-dce5-4515-bfdd-455f08c77e5a" Title="Connection Security Rule Wizard: Exempt Computers Page" />
					<HelpTOCNode Url="mshelp://windows/?id=710fa446-c600-4691-ae28-37a9824fb95d" Title="Connection Security Rule Wizard: Tunnel Type Page" />
					<HelpTOCNode Url="mshelp://windows/?id=85c69539-f0c0-474c-9860-d220293ab2d6" Title="Connection Security Rule Wizard: Tunnel Endpoints Page - Custom Configuration" />
					<HelpTOCNode Url="mshelp://windows/?id=63138fa3-9f09-4684-89cb-c44306ee3763" Title="Connection Security Rule Wizard: Tunnel Endpoints Page - Client-to-Gateway" />
					<HelpTOCNode Url="mshelp://windows/?id=70d0c763-d3a3-486d-9f91-e213831f2485" Title="Connection Security Rule Wizard: Tunnel Endpoints Page - Gateway-to-Client" />
					<HelpTOCNode Url="mshelp://windows/?id=9fcdfb8b-6e47-4c72-b6f3-cb6e5fdb529f" Title="Connection Security Rule Wizard: Profile Page" />
				</HelpTOCNode>
				<HelpTOCNode Url="mshelp://windows/?id=101488a1-9f62-4797-9330-4937c888e371" Title="Connection Security Rule Properties Page">
					<HelpTOCNode Url="mshelp://windows/?id=0ec58789-26f0-47cd-9f43-aa6e7d52db10" Title="Connection Security Rule Property Page: General Tab" />
					<HelpTOCNode Url="mshelp://windows/?id=97e94c49-45b2-4af9-bcd8-07fff5c1618f" Title="Connection Security Rule Properties Page: Computers Tab" />
					<HelpTOCNode Url="mshelp://windows/?id=d9626188-57c8-49b1-ad44-66e75119a5f9" Title="Connection Security Rule Properties Page: Protocols and Ports Tab" />
					<HelpTOCNode Url="mshelp://windows/?id=13da39e0-2a32-4ac4-a952-4391ae88c739" Title="Connection Security Rule Properties Page: Authentication Tab" />
					<HelpTOCNode Url="mshelp://windows/?id=ec590a1c-d105-4cf9-bf83-6606624c33db" Title="Connection Security Rule Properties Page: Advanced Tab" />
				</HelpTOCNode>
				<HelpTOCNode Url="mshelp://windows/?id=5886c961-2f7a-46f9-928b-2b906f2c354a" Title="Firewall Rule Wizard">
					<HelpTOCNode Url="mshelp://windows/?id=dc5c6bc1-9537-456d-b168-faf78a66554f" Title="Firewall Rule Wizard: Rule Type Page" />
					<HelpTOCNode Url="mshelp://windows/?id=ba442eea-0e40-4936-bb3a-413993267098" Title="Firewall Rule Wizard: Program Page" />
					<HelpTOCNode Url="mshelp://windows/?id=b029858f-ef85-4cdd-a29c-06a9457f4365" Title="Firewall Rule Wizard: Protocol and Ports Page - Port Rule Type" />
					<HelpTOCNode Url="mshelp://windows/?id=2adf4b4a-fbdb-4bfa-8e09-8648c986f4f0" Title="Firewall Rule Wizard: Protocol and Ports Page - Custom Rule Type" />
					<HelpTOCNode Url="mshelp://windows/?id=8b29e655-9fb1-4ba5-a701-30812af59d2e" Title="Firewall Rule Wizard: Predefined Rules Page" />
					<HelpTOCNode Url="mshelp://windows/?id=cc83aec7-e835-4b20-acbd-e40eac6764f2" Title="Firewall Rule Wizard: Scope Page" />
					<HelpTOCNode Url="mshelp://windows/?id=1826c5b4-7aa9-419a-a211-07542a5dcf1a" Title="Firewall Rule Wizard: Action Page" />
					<HelpTOCNode Url="mshelp://windows/?id=c85aba54-dcb3-45be-b1bd-271d579da6fc" Title="Firewall Rule Wizard: Users Page" />
					<HelpTOCNode Url="mshelp://windows/?id=5aaa1ce1-0a0e-4686-a4cf-d63cb0a351da" Title="Firewall Rule Wizard: Computers Page" />
					<HelpTOCNode Url="mshelp://windows/?id=98690952-0b7a-4b1f-bbee-3db1fa381f4f" Title="Firewall Rule Wizard: Profile Page" />
				</HelpTOCNode>
				<HelpTOCNode Url="mshelp://windows/?id=142a13a0-f0c4-4122-95d9-ecfb6f6391c4" Title="Firewall Rule Properties Page">
					<HelpTOCNode Url="mshelp://windows/?id=5147487b-bb6a-40e4-b8ee-f263c52bee24" Title="Firewall Rule Properties Page: General Tab" />
					<HelpTOCNode Url="mshelp://windows/?id=ee8441ab-55b4-4ce3-b658-d4e28320a010" Title="Firewall Rule Properties Page: Programs and Services Tab" />
					<HelpTOCNode Url="mshelp://windows/?id=14f25442-df7f-4c80-9ffc-b01781b2b246" Title="Firewall Rule Properties Page: Protocols and Ports Tab" />
					<HelpTOCNode Url="mshelp://windows/?id=950c636f-f858-4852-8a78-b3222cd57bff" Title="Firewall Rule Properties Page: Scope Tab" />
					<HelpTOCNode Url="mshelp://windows/?id=b8b120da-821c-45f1-86ee-d7303f6b500a" Title="Firewall Rule Properties Page: Advanced Tab" />
					<HelpTOCNode Url="mshelp://windows/?id=ccd5048b-bdba-47b7-8658-9f8bbbcec7fb" Title="Firewall Rule Properties Page: Computers Tab" />
					<HelpTOCNode Url="mshelp://windows/?id=53df2676-ea86-4670-8f48-b113383a0992" Title="Firewall Rule Properties Page: Users Tab" />
				</HelpTOCNode>
				<HelpTOCNode Url="mshelp://windows/?id=20b3aba6-884a-4ef9-8ea7-914e4cd735d9" Title="Monitored Firewall Rules Properties Page">
					<HelpTOCNode Url="mshelp://windows/?id=52a543f3-3baa-42d9-8614-25293d0e3f62" Title="Monitor Firewall Rules - General" />
					<HelpTOCNode Url="mshelp://windows/?id=99ae4ae7-1d65-4020-b26c-bfaf2df8ba6b" Title="Monitor Firewall Rules - Programs and Ports Page" />
					<HelpTOCNode Url="mshelp://windows/?id=d857a0e4-9ae0-4ee0-84a1-13100e8e5948" Title="Monitor Firewall Rules - Advanced" />
				</HelpTOCNode>
				<HelpTOCNode Url="mshelp://windows/?id=9d81b178-5fef-4b23-9dc7-e85f20bbf5d9" Title="Monitored Connection Security Rules Properties Page">
					<HelpTOCNode Url="mshelp://windows/?id=5ca392ca-aece-4319-90c5-80544a29b8e9" Title="Monitor Connection Security Rules - General" />
					<HelpTOCNode Url="mshelp://windows/?id=53d4595a-b6b0-4133-be9e-03dcecef56e6" Title="Monitor Connection Security Rules - Authentication" />
					<HelpTOCNode Url="mshelp://windows/?id=ed344be2-ee6d-4a37-ac31-4f0b9763d04b" Title="Monitor Connection Security Rules - Advanced" />
				</HelpTOCNode>
				<HelpTOCNode Url="mshelp://windows/?id=39e393da-18a6-4a1d-85d1-d9dcb46e3b93" Title="Monitored Main Mode Security Associations" />
				<HelpTOCNode Url="mshelp://windows/?id=8c965889-6e37-4ad0-b41d-4f98bed709ad" Title="Monitored Quick Mode Security Associations" />
				<HelpTOCNode Url="mshelp://windows/?id=71ea19d0-e57f-4828-923a-632cdb208aad" Title="Dialog Boxes">
					<HelpTOCNode Url="mshelp://windows/?id=226a35ae-cf87-4bd3-b4be-fab77930e6da" Title="Dialog Box: Add or Edit Integrity Algorithms" />
					<HelpTOCNode Url="mshelp://windows/?id=b31c589e-5b17-42df-b7ad-041084dd2074" Title="Dialog Box: Add or Edit Integrity and Encryption Algorithms" />
					<HelpTOCNode Url="mshelp://windows/?id=06cbaf77-aa9d-4dec-b056-3dcd2616e4fa" Title="Dialog Box: Add or Edit IP Addresses" />
					<HelpTOCNode Url="mshelp://windows/?id=d42aa5c6-4859-4f78-b001-dc067151521b" Title="Dialog Box: Add Security Method" />
					<HelpTOCNode Url="mshelp://windows/?id=f19cbe6e-7235-4613-90d0-6f7a3e8a6093" Title="Dialog Box: Customize Advanced Authentication Methods" />
					<HelpTOCNode Url="mshelp://windows/?id=aaad90b0-4f52-46ca-9636-e05175e4aa78" Title="Dialog Box: Customize Advanced Key Exchange Settings" />
					<HelpTOCNode Url="mshelp://windows/?id=1a81d9c6-f39f-4835-a00b-11d994247ca9" Title="Dialog Box: Customize Allow If Secure Settings" />
					<HelpTOCNode Url="mshelp://windows/?id=f4d3d872-6514-49fd-b8ed-1d725f74f0c1" Title="Dialog Box: Customize Data Protection Settings" />
					<HelpTOCNode Url="mshelp://windows/?id=8a0b490a-db5e-420f-8990-d0e30a17bc1a" Title="Dialog Box: Customize ICMP Settings" />
					<HelpTOCNode Url="mshelp://windows/?id=5918d117-66c3-4f58-8680-a5a822c40dc7" Title="Dialog Box: Customize Interface Types" />
					<HelpTOCNode Url="mshelp://windows/?id=66011489-1eee-4986-9373-565e557db23b" Title="Dialog Box: Customize IPsec Settings" />
					<HelpTOCNode Url="mshelp://windows/?id=f637c2d4-a8aa-4e7a-b437-86b8e3accc7f" Title="Dialog Box: Customize IPsec Tunnel Authorization" />
					<HelpTOCNode Url="mshelp://windows/?id=cd103e5b-9da9-438d-a9b8-ed96384a17f2" Title="Dialog Box: Customize IPsec Tunneling Settings" />
					<HelpTOCNode Url="mshelp://windows/?id=58a40682-63b1-493a-9d97-940532cbbcd8" Title="Dialog Box: Customize Logging Settings for a Firewall Profile" />
					<HelpTOCNode Url="mshelp://windows/?id=a4c3ccd0-9ec1-4da5-982d-6e65877b5db3" Title="Dialog Box: Customize Protected Network Connections for a Firewall Profile" />
					<HelpTOCNode Url="mshelp://windows/?id=7e24b5a1-742d-4247-b86d-db9e097dee4e" Title="Dialog Box: Customize Service Settings" />
					<HelpTOCNode Url="mshelp://windows/?id=55215ddc-b9aa-4bac-9ec2-d5da5cb3932c" Title="Dialog Box: Customize Settings for a Firewall Profile" />
					<HelpTOCNode Url="mshelp://windows/?id=f9172bb1-6c9e-4e09-a1cb-6e6912459aee" Title="Dialog Box: Add or Edit First Authentication Method" />
					<HelpTOCNode Url="mshelp://windows/?id=dd07bae3-3af0-469b-adc8-84f78f4169e8" Title="Dialog Box: Add or Edit Second Authentication Method" />
				</HelpTOCNode>
			</HelpTOCNode>
		</HelpTOCNode>
	</HelpTOCNode>
</HelpTOC><?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE HelpIndex>
<HelpIndex DTDVersion="1.0" Name="AssetId" /><?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE HelpIndex>
<HelpIndex DTDVersion="1.0" Name="BestBet" /><?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE HelpIndex>
<HelpIndex DTDVersion="1.0" Name="LinkTerm" /><?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE HelpIndex>
<HelpIndex DTDVersion="1.0" Name="SubjectTerm" /> 5uUP!7VO6tdBFƨ t'!$TRJI*Xt*5îo}ȞΠ~wg^~y-	E%蹛RbƙuB,HDKR
%dh;9A\hE/ ,R4Dd`@dLX:#bi9KbMU5~s\{~nW[lyuː̛\{&2湗Ï7Ohg!7e\O=lU*~k5ylk է~Z׈gכ'F.Svtlltz]8[]Ư`|_׭qU簻޸=wٮmss=̳>͈g>[zO._kmuYoߛў5re|.nrFo}7zy.zvp="\_.E|.嶻͛g\^爳n.[ߍj=Pn;zv%.轿&>ͷo^_x_H(G_cGay)ü4h~xj]g|.nnsweq|0x9\ge76<s3\o<sx沼=k9wsex{svrc|WWZsӋ~ꪆ_ڪ詮no^a.sWEn骮mInqtӹ}VJg/Of>uw7{>_CGVǫWU<oN*a^Mj4)8V_lFh0v?6Γm7l6o7ïnq,=y5gnq/lkƹz3fg{n9
O7Wf㑈\7<7z7}{f>.korsS4"Gy>r3XOspmortGk:Ȅ=	tNzK	_[_I	ɍ	_5tO~VSvͧmX~7C)^넹9=^7s,|*>f=]ZriBxy/~Kg
s=	cҮ<Ki{2.g>4\z\I1{z+]qK]zK/i-.ͥ|
;Nz?]KwOj4ֹ۞
ϭkԥm<&Kis=K{韮]\OCVi}uv/?=~S豍O;F'=.}޺+b.+b#]]q+3]]q;^݊]1CqK]]Sq[]^[1?ΛCc{sS躚ߝG;>S螺Gx{SM-G_XߓߏShO]7<|Fѝ:ZFZdnĩ7Ōqd==!ݹO?ݎ|+cr7crǑ%?5{;NCxycrǕ䟫==!x2Tc~>ΐw=!~!6C,qn?=i~~Ȃ!C8cycy~|,Cytn;}n /N.\}w0̝_ͭxR'<x	n;\곾OjYӾ]vg,p774Ñ$L<Py5yL.uzg%s]#zitbJ+tNo7Ou_
ݼ𺿐>מ#"\}Z7KN)}o:SVSJ_{uO|fS_{J[N})+ON})7zS:JvO龄7)}}))}WSJ]|_|JmdN})>>S߳vJ鋐OO龒7')}}+)Z>Sߵ|JlO龙髛O}9)ҷS>~S/};wJO7}G);tҷڝS߻wJ鋤Oo;z[N})S߾wJOSJE}O)}/<-O})/>S/>vS7*SJn2xSMSJWo:SJyO}#)<ҷZSyJ3O)}<ݜ-.^{+VXXaVaVXXaVaVXXaVaVXXaVaVXXaVaVXXaVaVXXaVaVXXaVaVXXaVaVXXaVaVXXaVaVXXaVaVXXaVaVXXaVoD_d
``pW!؂!a؂lplYCXq`0^\.1Cڂ!F-;.!L{^0 Ðpd{\0G.$aۂ!{0t^&mÓC!ۂ`0L\.W,ÖCs`0\/q!{[00\.o80s`8`w.ú!s`ڽ/w!t`]0
y/á!t`h.Häpt`l]0: @@  @@  @@  @@  @@  @@  @@  @@  @yx{F4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,>?eD"!B"DB!D"!B"DB!D"!B"DB!D"!B"DB!D"!B"DB!D"!B"DB!D"!B"DB!D"!B"DB!D"!B"DB!D"!B"DB!D"!B"DB!D"!B"DB!D"!B"DB!D"!B"DB!D"!B"DB!D"!B"DC~_W=in;O^W_oӣNIgSɫfM9l)<i5FwWvxӞצ(oSfSp})};ݺnh5ZhhZZhhZZhhZZhhZZhhZZhhZZhhZZhhZZhhZZhhZZhhZZhhZZhhZZhhZZhhZZhhZZhhZZhhZZhhZZhhZZhhZZhhZ$H	 AH$	A $H	 AH$	A $H	 AH$	A $H	 AH$	A $H	 AH$	A $H	 AH$	A $H	 AH$	A $H	 AH$	A $H	 AH$	A $H	 AH$	A $H	 AH$	A $H	 AH$	A $H	 AH$	A $H	 AH$	A $H	 AH$	A $H	 AH$	Ag/a˜0&L	„0aL&	a˜0&L	„0aL&	a˜0&L	„0aL&	a˜0&L	„0aL&	a˜0&L	„0aL&	a˜0&L	„0aL&	a˜0&L	„0aL&	a˜0&L	„0aL&	a˜0&L	„0aL&	a˜0&L	„0aL&	a˜0&L	„0aL&	a˜0&L	„0aL&	a˜0&L	„0aL&	a˜0&L	„0aL&	a˜0&L	„0aL&	a˜0&L	„0aL&p+...................................5n	]eCN'nu'|*̂

**

**

**
Pu:T*

**

*P=*

**
яAPPTATPPATATPg`
**

*QP.AzP]*

**

**

**
*@݇xӤ;wPa~<@} xzu(|`x>v;(X<n4f;yx&<Py`9a{B1AP*

QEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQET<L-EQEYQA((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((+2{&|vvvvvvvvvvvvvvvvvvvvvvvv}jP;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;>;~="(((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((/?ZϬ5YAP>
**lllyC=;[(((((((((((((((((((((((/ցfK"(((((((((((((((((((((((((((((((((((((((H((((((((((((((((((((((((((((EQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEIR2TEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQkϻ"(I*;ؿv}ڳ:#>Ys8Mvui[nn'5d˹~݇O[<|'\ӛ{%G3?ٕ_.~5~{B]|Cr3e|J/Wn5ahlBF[^vglr5A(7݋mqy^8?=*>oRhOvvAUuS}oiOJ"[\lcK
i݆1w4ZOݺJVxь]U"X{s4y^k𻽋za~==SQ]BjM0]2pmZ284"'8%HS\PMEk9
++fXC͆!A()*9憷Ư΁
I=EQD!IgLۨp#6ݘ8gv'z8kAн231A1zPJYp6ELt0'8OfW@>:#.~R##(
ѨToEZϻ71ֿ",eS&i&ٳf|ڥR{͏WȂ^R&35Ae6,j:)W;G^3tԓ!Wk2Hdn^(k:3ߝL~Z8ӿ\G܍5U:EjpA8ء>î/2VfNzIbyF/fDnIQ.]i2/)2w4tc0:PG MJ_G?ʆG8ǴMouɀcN=}tBN+v[=VzlDZ;db; !ݖx{h?5ݢFV0 u6gu@z7&ykϢ5̈́P׊oa`GVENH&>n=L>kҤo'k>QN_l:U;O5T3p?DVY+cC0v.QawWo1pPNUrr:YaqT$v
w
%$9O>Dzc.F9ot!<G1\bYXtҏީ4Vv2l^g,*L6w-V+1K)8~ŁkTHqH9US3vPx1g,u#_Ek.4[w/`Fd-0=~G<h5숄/^{tKC[\D#0zcuC׊	;A{ItkWh *~D_JK?‰q1W)OyP)RuXWAv#FR?m:(@ÂHK.s߯_
ڍ(`%%ա2LY#"^_+a5S	^Ƶ{Љk%;+>}lazcG]FӣBxٽU)æZ&w!D]L67PNsXW{f+8m!p+~ B$Tl,T,AZUWi7+E=Vm'َDP{!&@E<81s:Xյx~3
=Gg76/biaʴVf[	a7k	WZG%=PcOތm1%kMQ:ݓ,GͅH9HUWA2rަiK	Q1_l37!Ü:34#t)Cs^j+ޣ@kjfY1w`(߭o6h^?~aθ~t]ffwz=cF:D>A(t2™+493|E0Q9V4c^J
?Q}#FQWV.U"Cl(˛(ͬy};[e6namWs׷ұ$N_٠rשF|,`(o(ʞ2,&;x"4+
2Ɣgm3
H]I4Y&
442h+_^>S[uq?ܪ71lel$eli$!7TM=BE+[⠌L:#h!БZm$plSI
JXExĄ_dr{^d%@*{`'8_T@tx+9G:ҁΞ+[2t>'8DP,2Ѷɹf6^j֝9KȒR3aT
HYE"z+3./g4Nd8X#ÃJeIYK8$qH4Sx,鮝^3"D^L})PrSu|nr`s$\WA!{2BZ(H]i4OyuhdjLj"=ׁ=WopEMK\0LYl#d	![S6PfݘqbWZie1і_G]&-ڠZ⭒^zgwH\//4GcH&a:hҹg[O+J2\LOƈ?{]dq z{N_mШOv4Mk`cD%%Oq7fvl]mcS-`v;XEfvYhit$U}pE*gS#롔ft85T|Є|Yb>yH@K}c3p'Wn$uqr9;kI	˚`J;fMq8'&*pIYWOvľwjPa~9pX/ux
@<UƯ
@ɾf.eRNbnBG o ;IN`g)#*~qf-jְnr4v	|-LɨC'Ir+
wޑbrSS]E
{p[zPGAϒ0$k0-h>>O*4Rnj{{lvӒ#:8ވk4^e1RE6coR+*{rV;OXKӞ":[8#;.B+[Sc#gin:w:8z.j7nqkP)EŖ Zr
qO+ypseInIU5pW{57]0ɪQo	{~
U y\yypveppYh=%J+Ke5R&Nv{[CK(ozҬ(8Q^jt/Kke/u{v]0/! n4Pq-QbϙT!d3b33zQ!u!OۍzB"rx	)1]*~M,mwK`n1KZdvљ歲ܩ7|I.So̽D+w"dx"vmoGlw_B\??#H /ۣ>:E8CPpBlJ4.i|\6d&ɞcԝ4+WTD֊~.OwcsNLMM٣1S[gFI\\`=Dpҟv=hpXJV"cpBW`* -<+<KMchSNC(̰%||]U缺u0T	%-("n"mG2f0E"32RJcq}YH7!Wvvr-AҌQ,	'_Z7-ڔE?aM@uRXK%spB%WǢ*'R)cv,e8UƿGpc!_/2pJ[.foǓK&;ʕmmm|Pr{}KπbNCduws6$}fJGTW1mj>Y0ʾpK7x' UrL*u7ZGi~ꓠ3naC~ʕ=C⽱s[mM+^$nbpYěH2pCNa)yhx?%L;ZإD/.IXݛ&sFO81*s>9p<Vo<!m`hBNmy\{꒡R7^x|L)ԾHl-YC%VaW:V2
vx3b"u$s:{*̠ _`$[:)}x;R!#7"7M/0}zevkS3iOMc;|ir\Wk]1-# |`܎VIYqlARXW~kG_;
z
WmNF$Jw+0+򝵽;Gطo&ЄLfwvr+_nY]UnH
b!<R[m>Mhw16|Я0Gq+6X\:n92lm@}q{a˸{e>t|qz%8xjݩdcKUA;bKfE/&
$~|
h (|?BJ5"HNWw7̨f2P(?z!Òzw.qH3fWYxu:3Tz3EJ}yrx@o/3$&2"AloFgҀ֒:$S%<"5k6Ccޘu]
ڣeP/)OnӞ=&Wf51s
WvB|u*ő{0fY>TvGl`{FvLe>>Rk;iqՎ@8i6T۸kݟ`a'Ja8))
eS|jwFkȪ$m6ϼFAJ *vc~aME`Pa8r"	V_ÅN;̲ǟziB ܡrT`c˛?VU֭/#)v$ X<!%/3dY.>=2nܣ-,~ +{tB׭pJ	Hބ6Y7w0o'fy?:PEz+r*I*pePwos@@A^"I$-R'\uYB6uz[9Ւ=
ʰaA/(A.	-x!w<Zy逗>ErF]N[q˜>mE_z^|u;p#I@Om7b:.Ա{;j]7|:giqv%zbLvnf;s[0R~?|=2
QyJlpVWqq#,ti72sF	|2jE$MnpݖٚN':Iz<#۫:C=]B g7{j+&.cE'kVSB:(jK\agZ	Eia<Bcr}ͺ|
Sŵ~7@KLB+q5{tIU{+ۉ/^M-C;teP,!l
'aq\iv:A\1kDӱXM`Y[2hT<\*U>fݵ5+ɠ#s_9g+sJ7\C<ÅX}Mdb>B27)T	hM_!2c-HbSH%R=`yOr
#N`C!l9*
/r`?=+;Mw
>mq\,bA1z09Da<mqzށ^@;&nzIYlxSmEjL0߫'w? #hP
oBHK%D2k?-KJ,;>l%%'X$T
0Tw8j
 .C~
čFYFr "?W>51v
FFLo@@_=Nǿx1A!䁐;G~erM?wk]vݵkw]v׵wk]vݵkw]v}	'51z^
(,Wu
oyȱ]|~ݤbҫQrԣtv;<l ++Ma:9P5=t
Ǐպa- 
-uwbuÀcQ_6g8C4sZ2iwprMG*r1ɓtwY3l9&^QBrQB.s}̶!s4i80E2e@,8VoAt@ck#/]I1"Wۢs9VYb=b׺PjܼGx\i{#ޑ{v1>Y;PRMݴ$WQ,LH
1CVqA6oՇ]tY:FDav4뭰}Id8&$<"?o%˯F^ƨwmM`jL$hmpwʀurAw}"S_Q;=V&gi{2cw:LlBjA
NP<tbc<1rAco0k&;{X/VA݃u@,ӔYq!oSTnv˺e7-jT
m,ȧ<UBS`EfNCkb|+ɔ0+	>Zg#F;8U.]Fy;i{]	UE˒C8L8S֗AIr-.{AX0$'1#!nc~k#A]L>t!}1@Qⵎwxl\mKߓxUxrOzeo.fg)v}[K
p3	6uJeP.,>~syӳqO;
aR5QHx
f=_{&=ZUNV89?ӔCc1\Mbq,AbopNb +Ygg>0{$t}A+d1t<LQZ#Cy^TZy;d`!t]r*AEk薪fCAceBGf.i\PzH2\-Q~Ƒ;EBwUq$7??=X9mka
[dK1|7dTϰ[P21\Č@q	çEp?
dlNaLM9ӽGz+V,hD%KdsM-^f)ꘀ3YֈH	Iːf79)+li`OD9C=2ieTx:?)[gmā+ZQ:Ai.KXe}&$\B+.c5ӳ}M\|*o0hbg[۪"!`PmȈE]M]stfΡq'&Y2oxeN}hY)&GvM	E撿#"1̋=!rN!)3"uC$ښ>J?"*-W"!J3?ݧ4? v"py^GU(߱oʈ-=:g1<%{i֝|gb ^G^tqqm1m5y}T4!}:A$sB^w`c:pQPC ɿr#Tk(d2U\eZAQVKIQVԶ%d,yrB:*+Npؑ<QkN.|ߑ=u5Лj2^`yUqz/~\Qi<㸺.X#qX2z˙z)ӣ%c1ɻ#*yiY3D*'(6YLj7Kr@Vh|b'uZk"`*ITO?#O%ȝ#Ǻxofn?qhO)Ìp*Oy#1Oϻqڱ=+z)9>n.cPARxz_}VV
^~H)k Ab&+<u8 V=.
+b (Ԍo_;WL,ӫq{.^
fBSG$tWp	R^^Qv.mgM&KVGf4Ѻm8K{i$~ghi%v=WBI{F%Hh?JxƜBzյ3?&F?W;Xj'o8V{Wu?X܏{]Bʡӟ3;u
|ZT,c84ot$S\uk>̐W>P5<"I:&鬷rmerSmTLCBziXZA9Klҡlp;>fsl#I:`E@*k-hkY(%jE8.<gʴHhUKKɵ=-R8É7gIIIt/Q{$=E/H{-~zZɰZ D3AFUU'\:G|`*vw})FzuIJ٤
2;;>BB_-}hͭ(ڄ7J=8d.œ_G1Wq&iʮb?lfk&kowVVI1ovۂ~]s%3qӞJ[7Z4hTC:}B\Gu!2^v]^k!]]Q5Vf}DCcchv'}!4\*n5n;{0=P};RnRd}
jǠ%IP#$ʩ[k6{\L]vJe 5U)H"Pr2lInERlͤ2BOQ3Dv"1ˤ('7y&,@I1@/Y'Gʅ
oV=-B 5fK;k1:Ž^=b8t'V^-ԯpw͡uK2\pʿ5]&n;q3<(;٧QgF>}6?>}N̊jy(ZLD,%hv3d;k|YŰ7CpWywnP<d;D[7 `)S㶩j=7Fe4gGN!w	<f`y;)6&)ACj>/!_^&{m<fJF >!uFWQ:GO.~&%)JY099
_dS)֗*/@v:A꯶?@5$ď۠a il!*9=?~k-sYsݧ$b};y[ith[{,B`9/!V&0uThrS;n{%<< pQ	%1JF𲎿qB'_dA{@KQ,|[jBЖLT|*	箞r֯09AԒ1Mc{**cBl,LntڋS<KEBq/e?<@<$rC絣	k$L&5Z",uÜFϦrHR.TS.ӌ
<ZW
i	uc{`3K"cOn(~daXiJl3v8xzAK]N7T<hO!'&.KhK$5yNs8pyKUQ?'HE;]&msM.~jo?ߚaF=CY
|#oZY7/E@)6a#OPzৱ$A8Fwg
V5r9Nx5l	k!;vR!>UbRȈ-3{*l!wyJz2O+ٙ??NMs(l(Ok1
Wr2kYu1#cdNG3x#pgꆻ"d±,hK-2ۆ/H+
+ry0+Ɠ#1٭b 2Η*L5g>Z9KxO51ƃ
خ.Rv@}BT\S@/E/,͟DqW%W	a)8.|J;w^C.uR֔hU<5Q$ePM!J"{Əzn{ [rDDsw-rzfb4Ŗ)]o\3]X)Z=&W5EpT.XY={=t?
)U!>
~~`6WCL<)Mt1i@[/hƶjnfB]hlg,*OE:Hʆ咧,@jq;T/">vQm8[ܤ؎z7e	WGa$[=thlG`i啷C>fe?El;6H?t5t^jAn`&o2U۠M҉LYҎ@NYAۢIS)$=&e֍50ʶyճL"[\6$ze&?'TT=%P}oͣt1(!m4Veu2)ˢae5ҿG0/ŀEQB]Eò6Ph֋BAI[˨mI4+A3Go;LFw\,O.N-ku}ԓ$.S鵺?=VRC;^4=p>dd[QPpD/2D)vAnuI5뒏8Tkq8gNlH,?^V;c1?O"*~4	(Ů`sooC(|:Vkz#pWެGk Rh14@
os$!3p!+ka{뗗=H;0>?,.,SAS'_}V'gP]ը'_"=3
.mZznLE䗕|/a^r<2@jBCj*WYƬŕ
BV#[MID1<Q6&K$HcCR%q,,2?J>H!T	AqOLk4׌oblvȘ\I(-6@Il1.gʽ؅UN<BsGc("{5x6{3yu跨Dixe}*=XuEm_3d]	Ce=՚ݝƊHr}Ue\T
C<&Q*jB8B"IN;&M	wA#
Ykq9aҞ4D@EU"g_-r@ҹ?oݷtHg,	QÔxH܂WI).^ӏW7u3adH'(~|]x|?)lPZIy}7@QNW~'x@K+K_ź-"أ}4X&gMYڿvkW"^Pt2L\m[-LnԒ|w`4B2/R֥v,$9Ek61}`-F9q/6{{׊>Q>qhXLJ4:kZA!āO.|${0~9L2>Gӗ%*=՟Hu@1Y	⩉dDkV]|dPM>yJG{_;rTEw<Гjb{GG2lT;
rfk\OqKa%m8
vTOj-\mWLtt|Pt{0H.MI8dH*5Տ7Օ_&(&y`B޿0ר}~4BȫZlZ򎘅VȒ]`:GkW}%P៘sƝ|&ΝdW84zCgKQ~RG-֞`j-fFT#|o2{q~-ff^KCϥxq<bm^BaF=-v[;tXX>AVjtIBj7a^kvu?43*/ȕ_hJgֽ+ނX$_
Jʍ[dt֕>z`B9kkY<!Z}nJh_u4SMrc`i=h`dg2w,2)!
Wo#fg|?<0!ڤc)
6$Lu΁z)6VADr=EҔZ\+G>[?rhH$yT^$kD =	y	,R!K#vD	bߌK?wCG<--y0uv>STnC͆m+d5p%e.WJ]"ދ	ܙ1؅Rzsn}+Sy){Ɩ=	[DꎺUViF	;7?^H.g[uB\=QP	06-W+oX(LLu
sY7akcvoH+{gdTYg lHӍ`?
tgkMRw'lJ
_3Rl+GtI[7auOFxz yäxZMcw%ہJ,>No9öB4||ɂ錆М'6Qd݁MW25wԛ<9ì`	X__`:˽R=CQ
sނwFFmΫ̎ 36RT#L|z58YpǭX\d'kr||iYY&ܖ:fnї\*O[o	
XŜ(z&͔͜ʲMH^fMr^ЬN0.UJ<Uj~1{Y[LiC
}c۽
f֣Sg7;rI0˜+A%.(XJJ\_Ť٤`NjYFk
w?dg= ~7sJE'BPd3M#iԲeIP9I:4(.TwMhq-El"=d-'ryl	-Ž`ˮJ82k˫g`Ǥq-`	R3jOSJj۱9e
h܃gX{|sR	nSD{&ӕO~b1 peEQ:`>B50sDS8'b3,=nq+1KSy.gM͞CK6D-@8{mGp4Kl>qp.7OFoT=y
ojiwuϚfl[B`	aqhh%FB*hy`ƁnW@N&
[CBaX~1"'U	?[1p1lI1ɥTV#R+h+X-	[+DMUokdjSDOZ˲ҞxQu97薶K	3R(N$WK5x둸s'^>,YB˵>~NM4Zxy@]սvig3[b4s$rI}N~].j7Vеd̈^LwaLNZʀI:b3N3۠'n;Iֽk8`c	U^KHQZuS/f%Y9%{x*\"la
6RxR
3Y?VLcd9i\ Wn8D%&=QGD*t`[}YyTm&FpțSVY~/fi-TM8vK~kNn ^w!J48);	KY9Qwr]V!3fk+m=F_Z7"XW=%"X\oAk2kߪ8As-ѷi>A!4վX3")Pl-QjmA2Qt}!nDXh[ɩGkG'hjvl祷(rrG{?o6326Tk壓c׈Ϧ^͈wop` ,JF-N!:E`^#Gp4]!-2XcnLJYb7,º9_sP6Y@*WM倐Mj2,˸Qfgw16ՙf;RFqSvu:2[ko!HfEZ-Yߎ3*#nmg1ZZZ}.Dz#f|ٺvz8p뜲RF<Ge8&0iPNohW]ѰZ.:Hfi䬲}.FU:P84sC.PkoiGSYTlA,3A՝,H;Řz2l}y;A@hs0(9kGdp¹BC29dIRf3 *]{~zc|;Ϊo8Dy5fYd$MvbZJoe,тD׬8F)eD&fg#a_r76P0ܫKYݔus	@(AEYkdG&+82H@WiKtnXdBхOo\>B`7+ìUs26vS&|(;9b$RE$J*Eb=(GI׈aiz[1QMJK\Eo ,VXعz-v32-cs	GG+90`Ș!jL
T27C}(AL,#A }
&Նh?Unefi.]^1bWmKI{s^H0;	{0x 1`jp$<+墯&A,A`?i''HdrY|!6Tw'I9p!#10pRӑXrɺy
tZM'5A:{`P[rѷ8ʡ|#Et~$_ta|-Rv@h@Yn:9k^jl;̃
*=Z^ۺ36[0i_^HFdcZ%5NS)̺ok,sPh[VfY|Vs1=Pܞq8$Y70'IJ qGccwtkʤD?÷*Ae]r];פ<1
Hخv
9䜬ˌs㕾h)orHa֥@LOND7\]HN`OlM{VZ/-Qv=$n8Q	@ඁICs)G#dIO-\;0=pU[wǃ{2.rS<.Qu~X'@&g]:]ns/#*TP2}!oJ]ά
}%!ofR/R2m2IVگag,zQV34Fޯu1]zl~Q^as~j}QX	A]7,;+ZCݓzQdU|BAB%iY$Kv+W^(m"pl 1/l_7y?ϔ&<Xv	v`9Xvʟ'zO{ƻ>\-Bk
>
C!J/`Hl<"7@.iZyO@Qf92ᠩ))<F;gbIK(<d3>hJcdh<nlp-ddFؓdt춤]iY~{;90bI
ph
0rc[A/W}5]-u9XSj9ݥ$ց4ٝ4ӌZ?4p^zdE˷cjRגQ|s|VHndzk/zX
dN}:ţfvүr<r
J_~v<`H$ZX֙gvBLI6'29O"RBM\e#}2szۥl}Cs@=-	ݹTv
q-d`X]
I^p= k>?zkG%*t1|Ykn*Mx[*Cݙ[TJPݸ_~-3Z@'1}h@(G1VIͱȅvT9	Z@#ݏ!LE2p^Ź
=^*y-,hӳC,*DykLCtq3.'^{ȳbL;<im^2M=ƣK56ծ?4`
SL[.4oC[S9­Pu1Uif)Y}Īu{W[ZhM
t.H0<ˠ{ΰz@ 䴂@&fZlML/tv&m,[[Kؑt(< |v3.	!LGard[nK҃&,vivk|«3I{DYidCSUtZ%ZF!q:{1r+!wxj{?j"sLUvJ_F#t}	}%5wƝs?[4ez
૕~.)}̛_ȣR1[Vσn|d(up\迆+髀9YöL7}CMf&uqkt%޶8+v_LyU8b)--%Uk`[B_Ҽ7^dQ|y*{ǂ<IGMgr$@<米FnM_čĆ\
w>KvL卄;R7xl$4Cgoջx9
ڂ@M{gn8|LY\{J8|Rf6qCǒ3lj9jl[dǷ?+Oi@zGDe=m,Ã3-эuڹB#ćwl2!|#SȶAD7DMN1Ol
2U
_knkޢS
DP&5N!3cN<Q|<sf-xh",='X~/_0w>QL'+{I^:Y65"ݭiT1ݶ;siG5ķxH%ʴ#rLB_ECRLY.n%4qI}RD{:g*8d<(*[
	!^X8I"}~F)ɾE-qV2ps=2*0 :<ܖR
Y(༂~QRzGYuXಝ5x8h(y	|6!c֭9G?~s
V,	-.?ײB3̏-n!e;5uv&
{'蝫`׺
[o4zR2=qN.p*KN kGH_BԈ\9dz!UzkB/R-%/vx|7[l$?GzHݖqCvOkdxIJ찃Μ$;v"$;:>]f1yjZrS1k}5.4Ή^"إY_?7xųEi1M*9U;7?w=l
 )X5SV?ϼeIux)?<)}'ePZ'%̙~MSdiz
sSC|7Ptu<w|?~xx$6{}̙kȶ/|xc]hk+g9ud\IJ$s8kעd=Yɡx4ɻ7+W]0+Z!ѕ+ƎǏv
r4`? v6NCUdfr$[:G29'B@æ与}R=ak	ceݧ^IZ$B]˜[,Q0gf.M-~b;8I}Rv)/4}t}	Da#q8P]Fg@ᬨX|&Y~dn# d1oLT7-C1UkE!;l8Y)'__=S3?w,˸X)co	:_-†.(jkAKN,~Jbe=>Αg&X40ّ;6T6~uf\GIWةzP%4bQybզXT,3-F1ҏK
fg=!woZ˺2NL;Ƃ,o780l!ZuœunȔp@0Gڰ-0n}[N8HV\@YMd>A\J	oHu4a͞k?ӤqBdT36?
&ZV<"_&:Vjk'Ӵ+*Sܳɐv{9_fdH!0aK8LC,Y@'oaY1@u=bPm#p̞;+ZK={NvV7;|)G6QizsGe?:֕PqJsBmH
Zc(8	~#/ZG.Ϥ⛯+m)Ӵ}IG.Q,t:w`
jszZ
g-vy Lis@>|>~rӚFǘ)'9>h5y5>5$SP^q+? w"\QsP.?i)|,3d#2D?%&WZ"Y^\Ӳ_l.p;=<v?%N90[>]/1iH{
czK:@<!5gW{9llK-{ok>qXkN|=/3RTQpna7,mzE1 R3mi
OK9("Z~4ЈfMb#;33q(;ZDRh:F(fQ^xÙ1k<odž^F?%P,~I(O|'g3+;wlԑBtyM&-+ET1$l9J9
|JκRh:wWm.9C%
M&Lۺon6^:_95&Y!"|yMxo`mZB7K]ٲ?,_[%Bt(.qp@Ξ&p`V	粥\"
:\5Jfno>9&t/
R/G8}@b_W]^ЖIw/;X]Ͽ_&5-i@We\+rZ)fL?Ϣ5ry_G9N!W	X~u+6.$)d[f/ۙY>#JC2
0Ξ>Hn%ASZW=F(ׂhX^\xr7++A{ç
2~ydLl~:m6|5<	5ӲL
[076]?	lɮn;U8Ӆ|*ӓD@4H,KB|	tqNkW0,Ȍ6$y~U4k9$=/
@X)q#N~VFQ:EVJ9W9Xr$\<[լxKv%صcz,zJsWNr2"EJn׏zژT:R.<ZZFjE,="1`kdĄ*}$0]ld$R
SC %RKsUNlU7d<u[m1%:]eDFb6\3
4Z-vxΚ/ۈlҺo~Zw9tmqWPޜh0O4yȷIf\SEM<R#6Q_ww3tM!(Z8w]-ȍQgzpdU|+6ŮVv9-7`zgzP?lZhZLW*tٻ
_	,lɁ4evI`
upV AaEM52J3}tDuyZI52Ѣ4nn`cZF]pZN.Iw1l2NͦH- 5#ʦOݧVy}vr'Ό\RaJ-ħȥç'DZ-re A".1u(r	7}C*K=ksǢUWM|9^;4|w)Ro̝Q"m
KvOÎr͔G_0Ʉ&&~7\x}7JTrfvz><<k[(yJNprWL|[Ka[;>r*>܎se_hۧvn*ZGlD6o7YBl~ 7X\ا0gXAUΣ䬉#ddv4zĹ'`9W ׼fVV<O*#: 3{׾:ÀmN	'!zl	bA#6c{pJӧ]@lkar2J!1hztGla5
;Cf'X1is@ix&eb!B]sVL]!ocrڰ`
=ijm]SY f;$i6N/M3* F}2R*鉯GI]LOlGlCmͶJUu/T.s!U-}>x.f-+EZIVYyxڣ?XS,i_nQ*$(a_BXf53!Y/@oR=y}(To|v,}\"!n-:S32m/Y/"fiiUS`Qѻ額z3?ܣB-2Ӗjb 򜌒qo^|[=C+hS{Z~>ЄxVc]tG+=DX6ANVl,xv>:&ZuOLpԥ[4cyj\B?×٫.GZFQh	dVu{F#!O2.-u:F99lV6-st4Aj֔--;8UF"4ф0qIqP(dܫ.417ɥ`ӱAR)hH"f,v("27DkU&XܬhʛbUYx
?pK$*uKVIO]]sSzCE1
yKvgx&3'j{z\9.98'Y|Xd%<-L#1NwсW(NeJhelBEmiAqK
		"ˎ+],gS^o,I*]!pk$kĞmEHl^ݙ͗"-ܧ4꺂`	'J5mJt	hHFQY]i2gͨN;<P^8`x[݃8I-F?&%:W{g#:pC(઱,pxR^&lDI.wվ``S*Yk;Ϧ#Pqsl?(9}W4c?ś5wj(8ra֛<I·/Č{ȬE@Mz,1L.lxMe(f0T^?)1f!?F{3R$ʄ"g1۴k9T1Xbh%7*qv7^;I@h0A_슀/`@0;~/r#9IBoh;(]vY,fG?iSB!>J,7%rK1;$ׁGϑ%G`+L?tBJq&"b_n	%4-AO2%9 P	.tIBjmGgZ~䐵7WFMji&E[2>-q,i;ra`=0 lthQ7PN!R+Ftz׋J@>tOϕ0 %etS[c{.9׬&;(e1a+DyGep,-ǶcYxlRI7 *O>F|TlHs4#A63zFV8FQ]h|2{ȘD#{QQIHGeAvQ%&͌]n]:S;=[ROaΩ<==F-|3&%v]`\pz_gUX}sSǯ4IyjuӝѥzX	FpwZ7xo3~#6Lb,czvw[91`?W=ĩ];YRk/?M&]?1)Jm*GVnj	V-fN<Ƥ
M裦}Z`m*zCZhx?p|CT`4e;D>8ԙjB		Ԙف1]P$Z5a¦~[>"vKq5Rm-z݇^DpE E39(-Su|0c&H	st2͍&M$R,oܳR!1=lǚblJ$ȏigK/+ZKܸQFk޳$_%ؖ} 99W ÐɋܲeNLr*$gxgMpuXwUnܪm:B,xpP^?\'qvy[HI-wSIHom캪\f#;5XXd4D-Æb?ǖhȧ=wCȄ&b&\iaz\{6rv(q1N0fKkӸ*qǨeZƟa*QwZ(o]^O4<W& )!m2$-sPO軰	AxBPV!B`ÚFiPQǖQ)jkl}i.wfKĕpf99cB$>oe=*㦼2dE&=(xb\V
0]<[20}G1AލH=.!-"e\>XYbBPF1gyx&-}:iFoKDZwCR;&V1?3x‘,W;J(`	]Y!Y}w3 kzXs=-]hC TLXu662:W5X8Mҭ[eO0Y[C9ɝ[D~%⸎]Hb"@C]Za(l|BȔҵwlb
zQ9)6ìH7gWRhD6a9EVrd=GI6$ڸ{}F?XRofuKkVqDrUT1҂N֤,M$,
:9*+i
؂9ljڏPēK2XJ!!I΅-m	.jlt-[F
&i5Qﵻ=Xy['8JyD(S*ZJMnߵTPQCbg^׺R.-f^x8vļ+	:Tryfal;ڔkAR`K$=ԊѦ
zn^	dh~>pSy/ĩsIx(!vY*$+vVn+R# Yx/9VvH,T~Z#o:d;N;«*Mе Ұu
sԕAf|p2l:,g2C`7UL"͜XB5h6Hjá}1XLzn4Yio4q܆\:~8J`:^딀~amR]<9ᑵ5<suXVΚL3XvϧW!ywΜvHtR{"dW[-%!-f˧˫
'eyM4v'{Xe*>5HA{3xgG"+U9x|Y){՞p(}L~/JndV?=a2c'(ךLFR AO?pXw9"
@xusNNuEG7sG_/.,98K0
L\^*(>aA_EҎ`N̛,.;m/*LAJ~`z1zzO
)0ϬMON*muSnFUB9,:V=JGTѠNq߹$erm=76AS!m6'NW{.v"i.nG}U/;Oe4_>LJrw*<l"FEOIF(vEY!{mu#_#ʴ9PEvC,g˩8jS])vt&.NYr/=9kZ@σZ!R{YW=ZW{t
V:͞c)݃ϱt8Ꙟkr*2OycDH[-b+$>նr[}O=P8z?{>i-j;=᷂k |RЩ;oZ޻?CV\@+VH`98Gr1j:/5^6
_yK|F~`s]=+ֺV;~??
jknn~$sd8ly&ط=y8ӭuҳ	GRpU4BهN[teU{B(V1kdP)̾Js#}9ܿi8}Aϟ6{g8baKxxb~}s">Vxy^L{!oRsi]ϊZƳyfs*]߂YuzCs&6[ktRD3L-??h"2%&Ms.[ CqZG(4fxtɷ(0JU-	qrN>A~REEB?S4Y9`Ls;xF頻C_XrL]Αd2]m
u>$Cig7&ʃse2%*]ʹN5`n3ȉ)0~@2,k@i${譸Fa?Kc/%gEnELJrxb2i]!"Yh0`r>l>=H`h	1ܐԴGf.DzsuXuh4}aYr_AQ-Uj(:rlfܦvܽ
\^bC%r#sI93f%hk[!b)TIpqerMwdk%K,F?6~v*lopK73evu`푙Z$ʎ4{h!g*C5!^1*gAo4oI,\,iʝJLg|nߡa*sbzƻ{O+0R/`fxt;ŏ<xV\-L7}]xbeoFH:_Q^^|~0;f
tY_M53 Og?[Tj=s(Fђ,ZNԂqAKY\0/4&rJUvipH	@xV"aH{.Q*vZlh'g,ϹZlk;3#tͩzziT?49<L	ALAaW6>a #Sz{)HdlX2mjB*ܮnop0>&ObakBC5DῪ[bAJvd%\త'IS"Yj{k3h8A䂃zs+^dtQ,ߝ^Θ&⭄)`0+ǻ F*YSS&%Z'q;ƚmPC\:(-3I4XLV͟l2X]!96ZA8UӱBOK{99L\t{J?$ZKFjnY*/$pz/|.O4!kan6ĎXؔ|z׾rp,"ƍgip#'/RQ+J+6bHȻaD4he/t`DͥjqC(rpJ`{i1@~Di.4g2%DL5łmo.}%|]Ѻ/2Seǚ&m-Z	I,"dh*MxB6=H{GI3Amv8ϡ\VJt"B*Ymmb:lJ1bk"9217AK8>sd͈*6d0_+&h+jTh9tI5b% Lfp\]ۛ6$5-ʍn@7>m6 w9nZUYϒ;Nja[GT=_3`9P[>nQnis->yy~a2h4
H=}{n VFB<U<P˾I&AH\qNksӚ$	`#rH^_bytjC(RPW@O	Gdu,b;e1#ьxtQJC!!{h.
G.h{r@ܷw&<2z
! m7/:-Uq4Q8}&jF#ZT㊃\kD2 N<{k&	f։2x:68[(~.v$T,|F;>Bn#%qulc|pjjw~y"e<}
_UaG]T,}h
0S׎	 P͡BD=XEI5Y7mJ9ELť1A:a}?nYkDa*Ӫ^1?߲Yl9qӅTR^=F>̘
5-bx0Ƣ:8Vs߳RbmUIdFe4S_MNIsD8ag>
k|>=^o:6zx0S>4[:D
Zd!c[EKw3)dF,i7{$˾lNl/T{E[֚2:!kt$1O}+Qp,ݥ\^drM;BlE,rfəGwI	')(mm(nl7qyS`1b~7~֑Zbd%?=3!w{]-,҂BjFڻ.Эy>%.IzUY_81F2U>``GUBjF
3)xfRqVzZl׶.3-u;E	9Ğx2YuN{6{WAC/<؜
֏Ц=$YQp1CIfZ{|!(wXV^<>`V|E*th2+a|wۯC~ʖFyd]=)/ӲFg+_hLN@L4aR7`ltErm\R҇s1Rm'[Em&R
kش-nt>9KmwrO@V-iJ|c 231|"=HmdyJI>yѥ5lp+ʌH:j$VĪz?5QQ»%l`[1`,!4b} bGO֙T:_r\o\q "L<?FW`f^Ͻ9io @vy1`O&)>`3:>Lk28V-pꟳKx<ʓŝBg]փ]S)WѤLA郚SRH^]LbcfVh^D6wUHXr8
0+}2aOangªK2g<HS:Ih	7l9-Uh\yKXl%^RzzIEDJбB^UK(Տ(D!YSrjsӻ#]ѥ*}Axtm!3p<"Z'` ;/b=eӏcfR1$ntlbE;^D^Q]}4f5lwTA+&0MY06M-ڈ٣Z[ϑm$F:<܄!u
մA~;e0%gskZlUۉYc'ͺ|hK1][â#pQY hn|G!|u<mYytǓL3VqTW}m%VdaޜvYOḛ
e7.kbU2NƁN1U.ɀE(n0^N??Y|!@f	u^V[اuVX&Xxa|/'񙣝-/Щm8~-g2^[`]Nq`|WbneO`hx:ԪV۳p/㝿G[-w} ZbG@_>	^ZpuJ螰%w=l0@tk"'ER ah7dGaFP:E!^>$_𳱿ox+sGl:z>w,rw r qqbQcLn-Zi;RF&2nP
L|5g6τ^m7*?EEBd!{r3\J̋y[?ƺ
`,wn:M`{]g&pvl:ˍamWz~csOfŮD-PlLv殷n{u'#w1Zp-&F)j}czLˣ01v\1%$dI8>һyĂkqH!\2EpY|9Ѣ>3G'dG_\ac-׹Bt#YϪhСauuB!>a(,CH(I#Fs,gbJ!ΝXga*}Q/Cs\~gU;	qbї<83n`9>Qgfج
E;rr/[wtAbQ*d&wڑ)^mˎQ"	2=7AY6Q/Z;<P[J<^~Muj2{|9<E+MqһjvºC։jWËSy,nmlv(4xDT,R$;S8prF*);N@K Zn_(fuoTymr#D,H3F3'XބrMq:[^[񜅱L&16݃ڒgJ	F?7ُoR8l=p*1hʶr,gذq FȉokcL%=Ɏ\mQSCc|zoosJurfG
45+g>/f5g!ᴞ
Wⷬ?M6mꈁI’jv
?=%9|Y>8t/`wE6M`>{t%s{oo; kE	!veaOXk{XoOQm6hm$Na`8ba-9rhSNwO(=Gɦ	`5-ٱ:H)nӅ_QDF4;n
ΐ6eBO{
E8!Uߏ&~<d!4UK@k'mP?Dd?RC,nXϞ]b3ex" F;Hāv0XhtLBq[D5h3q|ʻ-U˄SBj_7B3փ ;{Eh-YYTݪId.{mBP.--$,g$C}2v;L^Rb*X’SsS[hb.+L+;A;`cf38v$\_U$N"cӴ2W 
#aY2[V+!3eA!tȈp|eܼ/to_#jdtrXp{;|Ϊiۣi?4:Υm%M6]`Y|ޭ#;ܦ}1]-M* WJ$[+.!&tbg"E!!) U@rނB܄Ă,452H3%}p@ 
sKؑ
`Aߗpa68>-}rY>F/I~~˸10'`	E~8(vt4Nw2$Eo+;?@آsji;SI%POgeǨT)1V6%B@DZ,w,P8zmgumX>D_ʹj[]cIWq'BĵERx?tV|E4KJFQ8XȮGa
bܛϧ@w̔p)x-F
Qf^A@jͱl{Q_}*xw1"`\uiGDh2I̱n;@P+}|e~Uv>UX}z݀ofG;I)T_♿d7S;7_mZTX$>{a\Gd,pI,UnUtrf^9,gy?\=j&\姴#j
l%5Q|c/|M{kW>?bEHݏRB4n1W.p|ׁ-՚'BKG.K"աnQ϶4].u&Hz|VvOj,@=6z)7%dL5k/
V^s{/H"e[Z"70,`ږWgD9Ynƃ!5Ǿu"	%tЈgq*v[4Ve1pΆ6"NQ)Ѐ7o΋H>`d}~ݬta!K|g\V逛l#o,=NĜ
[s7z]{Av~>Uˎ`r?cA<w{lJFUXD)oC/w<,?6bН#Ds_<Wq,88-:F+1ѧd0uu>
3qK׵6mdls.EM+3=Sy|u!BbJix<;1<l:Mh"P	ӯn؉R%^f"oS5<5Xzt߿PiMah ">1lx>>7ᩈ$IwBoFϞ~C^7sѧXBWy/g9J3?4C֌"޽yz_o9lh9AZ`dž?b,D}ݶ7\u.+֫"frOn5^X,!˜4U1]I>	 s\elDQ֬ӵ0\vhҪ>R w:~$t7k^˕'vjS$n*ͧȹ^ɤw0So:KMHkUtSeDLp0N}EM6M6ߊ9)pˠ5(@ui{ɉj>!SWdАϙ`2P篢7gI̹X;2n6XNOOuߩ=>x>=ׇȘSBfYzü`u4<UVkcaY%`wlo:iUncu	
<`HHPA(z4,#P~ixTDZ{RV1~4zd,ڋz). `FHIJw[|-]v~t:{ )g3_#pg:A1
nch4x\b((,PaEps8YcL0辥G89Fjl	In44¨m8AvO8Ria1qsǻ߷9:~1wuG"kbn۔,m($-).SbȔSˡEQ"O7:!c:`.aZsIa=4F
>2oL'V`$fE'LJN;>͢N39da~-kVQ]\RJi<h$̌,e`0\[}ѓÙf~<ȅtڝ}rr^>-q&xYRD՜tiUEUz9#qL]5/ZCz^
=fp~WvИ_z`

6dg;RuK6A.XaѮ9i\aW-3DiER2^U#^´*]v'ڙ^>YSM5;Tg3ޙ+Y&k*W!$.=LMPR
.͞'A?pRLV%`y%cF7
"jNـ9+9Dp,R+JC`.jx\0YlJuI&r0hc7z#Z$u߰OYi0

aX<>n4rhէ&%
=
/u"0Ħ7g?6'b@Ҟj
Qzc݃HCU@^0xHWx#s[E!sM!;O+O1YKove{<9^*[eBoA /0N4#bo#NpIģ-,rqe-"CrvX{j	;C»eayOg>D@ok3U8nc5x!D'F} rdNlh;:vnf[^ӣfR?b:aM.*Y5̹&ügq![XOaWn?;~'>ykxօVVHvf+OUƚot`-
sM3jRkx%
DU1y}3iǍw3ܭ
PTٌbGˆ/`8ɡӠ!~Q179#A]6y7BLޱ^c{Lz\kÐ?'u˔ !H3t\Zq4ִ쎀&-:JV ˟?Bkm2p+g8`3ǫF<1Mm탬˨^$F<L,闼2Tk=kPsnSTHUɋ*m~2oE_j
g_hIp#<Y#(ec`]XȏI+9JrxK9HCx-g6UJFƩ?JTsZCAUz0.z'ae4dJMc5-ۤܘ^[f:FZɇ\qH#a+T3J'NjtIMÎɜ1-rLv4Qk|۱L	Ln|fEYfBufPθDˡRfM䘺5c;TMx	MctAg[h:LV5VmT[+mO"tiQ:tdO[
f$\m.mWB6uEKIf!kd"q&8ٍ#d	v$N-I!jZah8 ><S"]txx|$pRYxKpK:j£Dd~ke
<IH>>#	aLL38/3o7sLT|Rk2>}o zȶQ<MTMht\jNV1#[{xK(:S)rC?m'R@JXO\VI@C;,mZw$?XA>qyUQ}5|	Lņ\w

.pVyذYaϽU5smt Zsh4i*)&:ks#1$Q췊^#><j1RF^K@__䐷?'" K1f`$>|{W\pSq3TU2d4L&ɸLGMbuwGY&jMܘP@u|:%}oFZַPF(6{
1ؘkm"i#feVvgSu^v@.<Uo6A[3)I^)26P yrm'xb9dAH2Z:LGoJJ4Z}3`5b1L#hb"OlϦn\+B;13wIm{h}OӐ#y&IQ=vG3[mպ|
Cy~JR|둶`9u
V!z;`^k` 4!U%6	~Ԣ{ć/=;{En_Wz׌jw:zqt[O.&38c7{z&y y=9TamŐE+?Z}]=+[Dh$C-&U\2W?Z7<
֣V@2*49kßuoAox-d~<}.Dx6fy!w
nu\پdf%yGfFo)0Hߞ7sYw/8hf[iAΦ|ȣ.Cd.ӕ޻UkQ!)mO)`(:߳e
/֑14[嘝h%h]̍zb!b5,&?_ˈ2N[uCϋA+QY}#ߓ=b2tGeV&\Nc		Hv"%!2"(PD\vr8~@M=#`OTmy#_F_]Sv@]ZB\^V|Iw'ߤ--jY
sc4H>KohjGn-Z87F`V4\_AIyW\inj=CS3j~l03^q|Nrq͉jyXIkۈ/xsđZ5!:>S8en^Yk)鼩r$P4H6op>ڰfd*D}FrYM/1~w?f4``kN:Z'AjlYbR'N
im{NRP2{CA]{}z(uX̐N%"4lNY"
)!O}gٴywN"ٚ}N-[\Gfu>f*ᎇC,!V݁}3>ӇrѹV`܂z_.Kڷ,g}p`α «=0&+~f#f30m|LXnkvFp(<xdLDa;kC4,20~GIiSof	;A"b55`3{.@Ѵwy
0Rc?CJ֗]PF`m1QM"RbqSLWXʗΩ{1}&uuUC]+\Fb$AWɄ6
5O-D^*qz5[!
R"*JLdԣ6<%"rk".ToOY3u["SmMok0X3;>Aز[TRR]u"y&a%>QM8
sh+*\A<(_B)
)J.cɪ/Dꅏ+.2KxY
S	AJƆ1K}6>{ae#WfoO#;)̮0R}0(Ț]nӹd[Cau]3yTu"rMu]]6Las̓MƠ7Y"f-}bzQwQJz/.HV<Q 
-p's;x2>eWdbԥ[/jU%^H^Bdg
EjG3	<Z(:oj,m̱opn(,2M|UjHTz_Q\]R%o.,Fnn
d&ﶅL&N]ɲ*\yPE|P<.iIb5vi(FrB\@_0VqfDm}<Bl Hu	('u%z4I
׸vPs?vQ>-k߸)X7MTN;fv̭v8!y>bp}28&JB<oGET x^ awKLUT,1qٔ	|px@GN5ݹ(Β-3x.srD>;euO>&3Jgi'X49

kۗg嘷q9j7$_vKCU*BAvs;#n9_X7&?̻sY1yx+Tϣse}B=+
,'q%(3u
<qfxN5`5=0=zB흵&_/e-x3pѯy2bl]1RHȁlH#6!5MPU)3
qُ-ʖ*ԺC~*˕n'L"ZK%iێ1p:#})eW@nVeVɆ3]{32۝u*s=bEM$1eĴL}W,[MSXǦU7-LЩh<;#-j}\)aX
G󠍽iQL;ՏF+cȥ2a?=06"NXN9`-9Iy}\	XukƷUВqʘ2$jbQxdzW-U=MT|MZ>ۯW	"d)ydm9U?̰RhAƅ8@eG}=3S0o!==ަ|?.[@<u
D܁\Σg6`vuFP6mQ>>	S(o!"ԓ<x%n{v4<M{idc Zq[OY	lG3(C'Gj0qJ'l'I7
s3,`&Mw.ǂC-\TiT<n5u.Aᠺ1U}jZȄǺǨtY.Լ:f.*7?arcVõm3[gLJ
ڌuۉBO
t0ER;pZ;֋Zh-ZkZ%**sT:U@F???eEʀO^KgsUkəpd垻ؕLlͥCR[h5B,)J2E@J
M#= CĿ{d		鄹ː<&q7&?
y ׾xŊ3[Et.pzBz^KW45I7|,xkۏ&m$S$*|6/,?x ?O(R^ΦQjc&#YQz5xrFx``[%8u_>S=G
Fr͢΃qǾCe)EFUi~Nz%B_g_9.( cZ`>@‘D,!:B,T[[AE=O

@o&M
P)|qwm}DơkOzbV0p"T0ҏgffF` "'41M_oE^~ԆT+~e|=RBJ>scH(!VB6?tg n$WS40bCV&x,r(;⯿ԧ9/n~6m!&
NtI@!r|=A1QR/GGA(r9o${'`ڀqWsx\$q{6s32Gɛ捹-zI
Ɵ
>/r78qGjisrNbEA) 3;ƠQNn	Q@]2#sf!`E?>QDǘKcQ$=Re?񵐏"ߍZ3y7'J1?O2j'0R}w
??/JzߛӴH¡Ϸ|cZ(_I|~g#<-?ܤ9^Abpw}h.o?Vd.C'F=>~ɇ<TTc{vw?Ϗ"9{(F}G,Lg+(F7o~q(1tLBgI/۶EE x,Z.㻑/\z܅v&T3_E5Fnj$ҿH 74x2C_͋_?衯6C2𓿁]2}FX^/o:?H՟MN~!8&#ӊæ7K %rM#Q]Z}ƽ*'&z$]]fa,HۄEN{?]l/Hy~		CßQ)W;6J:kpD=rUt6X;mhdƞ^nQ%qw3$ڟ&kc~53{p(DW}$=O
%xΝM2{_	wđh6MBp*fK`UJsdoo"}Sy*1A;|JWba"|yt~8Nڀ?ka߫wQCIx8%-(;?JTJ#QmlYG	8iAka_>"fʗvcYXa!:	qW~{ӣͽr:ujڅ5$z툝4z!97E^QHS*><zMwbC{=~ʱízvJt_0ߣfh`9y=-')2-lLC{ |*%:"agtE4_\"x8Mwf-4:Ԃ..5VL3S6J.P#pQUOl
|nj۟߇nMx	pgۚq_U'uD!_}TL@wE!G?}lPݐk#\>R'
țN>?Tw'iӧ% |٧4&"\o>'?ށ~gtD|?P"u߰?/|oM~qםxI)̿^Jg)22-
ڀC0/cc$~Kx|bb}3x_g<[MY$R:[
wCُI7|7Hݷ!1/2Br!g<7`)xk?
s?Yf}|gzWR5iOQ$CEպOJ?_/%é|P`Q?UfOcg_v$9(EQ3g-szD
\+.Ewi2B8^=lj&לvVXWޜ7qAPGPg"f1<rQN'!
9>N{aKw15@/cXC	IlX.Q
zm*86&Iy(>Fexz}XI놪bH?/b9=- o޸~lyotQ'z׻zΘC4Gy#E^z5vESA+5dI`2yd;FS-gRr!gOy2(|g*Nigrq~>3kNV,^î[J i	&G@_Aii.5vB(PRq)<Y>4Gc]m+6Ԛ!cZ64zG֌V#v|K7~uo׉4Yx8_D_\>WS&o}=z2%.*1Kgk뱬e,4o
K3sm^I~Y&ĎFܠz+` Hn6vY`u1'4M߹M<\<Em7<w[Bo
|kDj˅.V#6޿';s}J?tWUeu912CfdC0)) pEڧE-9#3x[)/!idE8Vp~lf
A#iMrv,οdjR񤎛w$j@cV}ebf{BTuŸ.ғ*sψ%UVyY^,lr~HT11?)86(k$q#߂hdօ&y˿Tx
K}t]iDzVd8ѡcй?OIfM5ٗOq]+Myn+fv2+nJ}d0/,{֊G%o~>"wo쒕	!-%qF._
JHd\@}UIg]^m_i7|g
L+@+	fe~UJqM)0		ɏ	eI9IbĘȽ#.	ρIwukXK|I#=䔘\8@J~ՌͧvLeo-fUBei`c{8x11(Ujqw}!	>GU~|m+.~Ph?Oa0e;=OurBAO|9r5~g"?	#-+=@S"DHsPDYK=Su^(BX*}g ^z-`2||
Llo#-뾄m7ZpGƕ#UV#we%qD*qI䓲S?o/É4v}{Ly~@ӏ|Ѣ߿/Sa?SȹA,-C!DFl72$uCoʨP";щ"al=>NN|}+oJ]#E0">(P/J2zOX<<pD3֯u|!w{{{{{{{!>	g]ixQ{!KߣUoGU~P$)(07#!IK$MXY/cJ'tߐF4ݖ";R%$=
M\߀</8bJ}FdۧHb
͙~NDсbF/;.g'phȍ^ 镖OQ'Fyorěxk貈dݭ|Ra	}H7]S먤#J;BQ '{>} LfO˛gxd'p$\@Gl{S2xpO!ҎG2zQU2qH"A	1pi1Aͨ*UX}B7abFE)U<9mPtlT~Vrϐl߯߄rgK{j`VJc:{9<7e'.8K@Y'TFrrb65&VW)ĹNUZn?՘4aVdl7xT)pj50Z:#
	|_kf܄D5lyd,F"3SwdXڮoK5\щSQ)BX)/d8>wSC"+=9"})rʷ#H5B
-ߍTdsxpאƉ$e,ns&QoH#
F'kd,$rv,RTE:.k<3F*H3vas)Lxz}6
3"<<Vx2]oF<;ņ3a*G1'Msvڗc똍`v(l(XT_0h
R|JG6/>({;7)Lgk0
D\?<DB'$zHTig	/zLu&o\z92`=HDJhqQyJ/B@7!ޗZFU6Z5dXX$uM=J7A#`w_4aXN_	>9pMc_|(Q&n_~SA xk,f'LQUĂВHkSٰ7_-]%u)A#ixXe0Nu}=ND+ߘ*sd
vgqoЧxu!".=Ղ/*RG%>6Avh4qcRdS&^_6(xHg.dFUxn*`c DxB淂-\.@!OY6DE=Β`HHyTL,U
<ڛK^Jam6:M/nӯɬ"J8p6i0iq>']!)L"X+юIRN+v:Dww;h!)rB7wWY%ɦ!ՈXKK/uD-qtjk’{qƫ5=n-ؖW@/tM\5|h,'i
:u:f3V-o$O'HÂhY6r~O	@"1^)%PCcp<3QlOolGE)(UWe[#>,ek*.AR*m\Us4I1oe2Ϣ:ډPV3n z-H+78IAbD"ak-2q=!5Hu:5d5{46v3!K\2CaVu:Uƃ"1_-z1Ov
`vaZ[		|	gQnƱ(nqgqpQ1UvFA}LsX{(|!`KR3k;p+\QyB~n|gKs2S~Sn.BlB$vєLbrF…kKjx§pʐG]ɦArJijDhʕ7-D^[bBw#"(	1#{^`S:q(LY@+-^$ \8Q}jrIU[_R.I_@MW(>5pg(x)qeDZ#S	R#A}@OMo䧃#YEt?02+z0+A칮
<AmYʜzqn4e-倃0͞	|`ƠJqm#x$gJn9z6m枳BtRBֽ̨VIs̈q*>yI\	09E8=˜,V	MlsNC)@xK"
Jʭ[oNtW1!j`2S}ВrC8jG>#ݷgۀvq1?Od%Oj_}K*Vl`9:jLկm'gp D(NWoq09V"TW%>oeBolX̍|J69+Huu]5!7G@mY}#`{:_Ih`Qĭk/bVx<qj`U=K|)gLI0'΂V#r5b0@ބ9Y~ܴ5o&<\ۄU:QX$+v)Ї܏"lPNG&FvMd&=kT#%<]0oʸ𑙄Ą
m`>_潒vM|~y]ْ	!p%h;F<i蘡)5ٍ.LrhPI|%!kXpEɩYM2k:mmdWh*B^|!ߔ~~*$ \k)<@ʍzՔ9hKtCc4_rUwĬ5C
`|y_`?Y8j+= ]{Xs^hҨ	Y/_OVn'Hyel1|⢵}GDZUo	Bg֫(3NBEg>~^h)H'[+Jڪ>)+@G>bF yaw[>yJ~pOvzHDe<0$5JGOuo74@fQt"ϕsr^(5omoCQPj?Jy+s^ȐnKz%gN2*~^gX@MUZoo XHR~;};x)\F4KUC{Dz]gAJKQ#Wm{Q:>XjZ\enxLV-b0.dŶa
#d!1R9|EɷŁ>l$L;Pp=y
B,ZCgдK:V!w-/Y^B 3uu.Jx$@zOڞt٧SI_ZAb%ԩ9cqBEƞ=0m(!K1liQ#]$d6	^:͵U&k~%RݲK7rPܞdBu|*/q@
{N{dBS%}=1r;
72єX<a&,A^V0vnekC"C[@n-ڌj_=8*W32sO8q(̞')U7ֵ>%9>>]|~ۍt͡u_`z/ٽ.TҎ^&1?l(
inAg-U<EI`sb=@Zu=~+0v%>^v@'Zl7X^D`σ&\5
%Wa·48:\dB:%	F/t\h6
>yx$,kH];A;os^K5j9ˆⅥ,8A^I{md0##ݞ	 FaR_Ndai(;YLSUT1**Gy0zID3U^0|˦q^kbj*(4F%ٶsq ϗHd"> +I"6\ׇ_08+EpܚXAӊl.-j5®>X" _[H L
fz"ޔ̂{0A]qvMc"Dk"3_zhlz+ BE/&ⷝqA@
YnEvb8zTЦo\Gzv u"ϗ4ȸu\"7H91L-yk$0щ1x{6HN/-m,,)&OPV0ocH{Hn6憾B5iBQl'R4}8E҇S#׶444lRe8hFYCsg8w~z#LO,%_sRW@]u
v`ؤQR{d`9U޲^S 	d1S6;<!]LQcЊ9rL)*5̭?!9vڧ~Ps!@Uh"CIH
D#!F[aMN+ƠC-pÙ0]$ߜYV0ueu|<WHxZ~g]owA<$
Q3z0.vxTufDpڇY^pxOP"<G280bsKaj}[CJTC	|"JnxdZ;<[XņZDaF4Kόuur~K2zⱁR}^6uR]_U;HIתTW"
yM:K<,:7>D7CCNo'e"d?4	fύ	ć]k4D{|n0++[3]}BQYF犚QpS-lY+fخ"4 (8jaA7lRv!
}	|5?Tz[*W&s#fAhagq_Fhlιi6[licTe)@|MW\ٕb/kX82I|Z\MUy\Dm"a=*ÏT^}%AUJ)qF/3p©SjK8/Jzce[~(_h!Y>e`7&[u$
p6tE^YLHocd{Q)e]<sN.pT~>6|>sfD鸱):N,+OYLQbl',M+'I~Lgl{gjIf>vXdQM4a2#`:Qx'ǀ6l\("/(/|hTV%[rp:>k-@FOFR6XΪYU-ϲ9ض-U%Ra#QC}!?BoTvp$sG-harЃ1 |4*&ƅQr1kr]&&*\UY~<qpw2a})`MpTQj_ B%ķkaMڔ"HxzK3TDU7<*fp?e+leK8ltĠj0D-c`i+:ƹ4@}ݗ.=UHWq5m<gZ[RM*-=}bΚZ^`Q21X/[|x̗w_!ij˒X&KV4\PY2lkZ58 8)-XvT+lo:<iYX{sǬ+}3,%+'mJlw ::	se	2Qih!X`!oˣ&;T0NgDj	!qB1Ż͗|7M50e=0!_JTo$Sɣ[\!Jhd`"5$Gؗ%ó>0MH'ZqOGW]>Y6">K@z+ز-	&oq-^-;kgmsT.#^A<\ }QpޑCjrcd|{`sǮ߯:0ǐnK\ݎ
ެqaI,+RjT')fvWV%E9*T	p$Ǧ\X'vÁBv=m%$"P"rT|9ƍt~]SoB.>+sxȮɁru(`C6^5E8֕	۰Y:v'rp	7Ⱥ;5
E%8i{Ч
_W
On,H9)s0Y
uXJmi26dHiY{_D%1)Wc/:U'CMU1!%rySVQF^N*t\F`EgXuKU00x,R=h
<{?M&~0R
=xt9nr3FV<s-i"0%Ng
)a)ߵ=vԢI>D+K,޳_G4	~q㓀K_w?
7-%\6)>j42|y#	0Fn=0ab;8jF)rM"&FSq+	YQ-Ptf0^8UeSDdcx!ؚ4|TahHd>b=+K	v[x3Q*Su{9}	P[猤
.H+۟.9+vP[>!Vɻ~i>Z%]sPo^sARj=p7hΞ瀩4YHB"	]9'OmHHP:k7l
K6wȻ~CqBJs@SQX0	֣hy_]{sdՈnb-7vvk[
3~2g	͠`m}.nlREHC
Vaixm

k:Mc%$AnY
9(fznsV %AjF##/7׃BA8j0Dwˎ˟c~5qbO%X#QU"d_AD;b!sqIXK68vDS=qHRsHqmkd[h(ՙaxD܂guq(eRqpoR*C[Yf"[KF4Ppy]dLH'hH闫3/um2Һè`1gbFKz8z4^;O,lBn"=a{77OF͞}HSNq(m/4j_#PHyuctR_wfȘ!6o6	3-mv#L?Tz${=e6n68b56v/MPH,:۴Q".\oZeX7R
!=\eVMl4v>@jB
sg
۽ͱ>*F'Eў>1ZP-Db=m2_v4\H]oI2_~Cf0xH4dRH 8,TeE~cEco	&3n.,!ew}x8^jdKT&LydI܃a>:Kk-,U$8˛	
6K}i~Vc
KXSwB5D9tWٺmc	0'C<cXηH7ȜJ˘0@Z9>?v)?D*^w>ZQ},ᴽptfbqG.|aW(dk,Qymҥi {x+5D=tx
ēoJO+Y[x߽%a,7B,g4sMpG#SLrsocx#+?|5Jϙ?"R#?qMS "
ߚ>'"c/j.:{j%˗ҟOF˾2чoA׆zdYQ`6Y{,,A`$(ݥvǹ*on`d/1IKX~K5խEY,	N&4HS#jٓc/3FxZ;+<̛gS D3K){0mDPV"ONK˦gsvV6v޹êa9Ο
4yIz1rIPgT]oKIjA!td:egnvzJr#й݇l}+wNḩDMbW:MY'_}׋	Ůrx&K]Fzm+'BWBLGP$Vao1L5K&|Sg^,%BN^olL! Ჶ+(>*W$""tis.U(3N#^/L7L'P_n:W434:@({K}Ob=k 	?by7uUv>ꐸ&v6BE9=-tC"3
^V
T(3Kݨ_{\HY_T2vFc.^1mµLV7ZJ4@@R#jIޡr;B4Λvaʘ䔝oCaѭL}'gӘE?;xGl7]X`z-|;;A?y(N
㳫DEaCo21QԱ<pAp,xnt]]?5T+_½\2 5sAA*FGayYdUw=[0<9&eѻ
Ua!}^yQ&o"j+/Dd=~x"pƧ;:2.uwr,nU␲b$;,1!!n|p*ikadtVDNJYc
}Z\Ʀ,)E
A)ncJHuQ̲;Q↋
*6=><5./N5r\Kƶߣ_
cmqƖ2ZBHMoFGɄAbT#7FKݱ0ΓXAMfu{x̒w*rY~{Ʋ*
@=]
Y(?7tg#`r<Wǰ,+3
UJ-#0u¤vl?pJ o뵵ްz%1m^ɝTeEj8TgE]@	]JHHɿ5an`%mH%cKBZ]j"ͱ;zK_B`JV{ +یpF9YnfI^oDS&0%70otI5+ڸn<'Tw<o1Oۍ=OR1<5m(}t㶵a\\(G M3i`#P:pUP\)wï֡Gu܂T&t,!.06rBqKs# M(*rUf`ĴLgޯIEDr+3Q%].&$Qs_ԐJseSnB+#kQkŷi@qtF?8?JGXdPOrﮪ*ZT{T󑦌sD15\.CMhP%{u!fJĆLJ$AnɍH|j\FNHA;9C(Cu>"&%Rtyn82K\	dם231Fwk-(+[TgPS
0x,.mGh8Nˇװ^/T5^VejwBokf&+N3p>FCMڮEsT#QRtJ"x6Fm%۷f"O+ߞEW;q131{.1z\ZNҊ*!/N~#x3,XGEGקX5x0+E\F"<<!Ȃ\NS"y)pja^ŐZA"tӫuTXR3^00.AHV
#y58qWQ'ENV{qgr-8}[zP@ ޶V)Z#z
ob4tjȃ3>yX·^Ap=URTb]	K\zyd fur=
J\U0촗Xx?q	kz+m~sCӀ_N1sk\>qTJL`drQ'7"kK
WG<]ś(Ǽp\5W'QN
	aO%sCf3ع8đV
4X)넾qK/gQJ.)0HkG7qBO-{sF{#Tg֥DTJYfMr-5mk&jgcuz.]jo&/
!${+V88K]+kal\,r*Q.Q+")w*L"̑ÔAUIƲ6Tތ@ `̉(:crb‡D$3>E8|KW5yЗh!ucywD-^_$f%P#5|YQz%-RΗ/;,Wg\aB|uz
@6H}r¬֛֜*I
8ǹp
Lrgd8E*!@24@1QJa"l>/buyݐ0o%S	~@z5`(GTGDlMc	iTJ%s̲Utj~b#RC0@*71ޝ"1Ue4@oI5#~9v֔0,O@,Mi˗f/?2`XkY	"1*%/
q7a-lO`|D%MM0jx!@1)x*f	գKDKA]	"*w\IōTDQ _POѿۊ%Mp:(xrV'|}VcC<yvũ3ѧ@DQ@+w3~s1bp`|^IݖNp7*ً#zRG,?1lf"$a9Fr.^֜rK7|-_LͧaG3^fc	MJؾ9ҙmYL^#NJI qox(rlI/
ő@oOmEZ'WO-}z3GgU	WAaxk"U	R9`k<eEFQJRB*;֡ξzh#UgIC`#9
a2zFh?q^U\"iU9d)5wb+arh8dGlnhty1Kn|WuIl!:.v<""X,wxE3.8d>|HW,J5<3(g$8So0$Kz;:͗IM73&mTf7\>h%_O&R(%n
 </jaͬu-()l>Z @gxX_ޢZòKfk a%GoR'>oI&!+3v}%EYz)*k|x᛬hsYPFj9G5Tݢ S\AdNN2[
_"f
@ގU}׊/FGz3QfF@نtk+Iag=@}Oh	3	A)}*RʨW9-Q[SáD,Θ3(roN Ozݻ|}J>_Ha3- ET}^>&sV$<1V]:mYd_H<
3a䶇H[B)dQJ
d*iXɐ$FEd~$7rPkJ/cŀ¢# Sݠ#Sƃ@3%tlM<jK=t2b>kzGmslda>#dD-dǕ˔HOvH3H/W0[wAUaK)hf(>ZYBjLAdR\]!2w,^bHl֦oWޢrI-N`.XB	Lo̹{J
.[J@ډ\B{1c8s@%'
 &oYPQ\a҄3"J<B瀃nPr5GK1H7EG
|	&wTKBC$!ߵUN}ǖRo[+|tJKix,Ki=T畟,@90j ?KnҚH]I*bSȑNkzyʵA.}ݍ}ЕVW>H*;#5Z@;yW[r_;UT^?&(Ǔyo_nq\we&5Vha
d+Fty4f餉B)k;
yݘ
d7e#E"#ecDɖ-K!(rY!IJU;T<tiUқuڅ#:]߾|cW=\:8d0 GrO۔]/z+#*@9.?fT\њ8~@l^$+=_jLNTa8+b8B68VB*;UW=D?$WaOk2T3GiUnXۤ:6Dir%w'x}Sp&]gqۋzgׄ~Jue|ZT,f,Nҁb?|wY7-ORZE(u?tsuhF,Mc~%l^OEv[%a4w$&
3c@UK/\RT,Eׄ"w,Yr7,cC+xwۯ"K㰭6ZIiVa,بN	$>T'e3;KvXڛH&7ȆTҨ>5ZӽY^67N虖d%ڀϮIJ/e3s3%ɺS^q.<â,"i%=(LƩK!YWZ(}s$͖?T oYEӽF<JW,En$؍!Zgb@6
xfFcI؁wˬ3n(Vk"m<Z@LI
|mpGPv-=L8:YhG}0zi++KWr~L^YP[:J[7خjW :*dɆ%,=Ζ.
6f;AQ,il{tJ(ʪQ}bQ%@SҹyS.HXyKS&#2k-JvbN#eƻo`2'PVv9
'Y\q]V)TB~XcXHY%Xu߮8ZicBL_K+2u@jLrp{ȓAZ9t%FeGK|XiR*TAݍnZrh%:=Q;,*m`Ǽ[+OfFbAM
V19p-]w 1ȯ5 {['c
Z4~N"$nw7}r2*-$,LRTXm
G-S?sU>a<|\^@!č~+lda}P`%[gY?x
8vnmb)@_XG0@	J<IЍQMv.sTwS}?,rCőU&;|㌎]R:#|jDsYS~7Os
5|fK:ᚈI\drߏ#wVTq0J[af)rdt[^aTQIyLINPͩvadԌ#nfH/֙{󙑯$ٖgquJl?(̗dgpRQST!On"6_0 P^ճ+#ݏF]]LO1\
ZL;(n',C}(Bn}˪B)QM(=8X& #'-^K\AYgpsgEׇ]>붶`0`y	6czj1oSE@d2Y0p9X\
u%AKLJGVԾ2vRF%Zi]@AofTrTNtm%	jڡZZˣZLK&wÝ("fW쬧LqRʬIFM98ԞAY.7W>}*ɑ{ˤ\wʀSyu^)jL
X`^<Ik'+=23cWu;.~iz|mcNe>d6MHJW7o͛>#ueIcL79	b~[}pN8ZOKԠCu1,Hi#7P+0h旛vfY֟@$qOEukCQݾaWr0qMZI_!b
\xKcT\JFc>;#:آH@c৭M]X,BzbJ<	2p)v؅
i|wl_W/4Λta([Tek/3ׅDzPg_-oձX`ruh'qjK`6G9SJ%3'چ{JVF'}d.5+)ep|GOcq7NuqF=g	Ԅ$*Noz`IdwwriUt"-:kصB-B'ڼ`Gjy删_ A(l
ݛ*D읽詫U9V8"jϜ]R"d֒e"A) %`ق@uܞF@\"Έ6}x]`ⴄW8b'"y?՘+lހ9	Q鬛#_pk'YuhD9jWe=Ϻ?P6tt`R{RW:Ya6dĦh||5\)z&}ˆ FNgf*j?`v+ڠMg
ˌTJFZ
p-# U $wn㏦oEzn6!el^^gI̛4UT2Lꘘd@^׺'z"[2;](WnLNJQ8ЬtNJ0BvZbcDo/(Y|2D}f6ӄ$z#܅QԣBQ7hהÎH]!nbyW~Lߺ˲Oo"!|gj'j3?}PBL^	
llE7R/$x$0,M?/dSN7L
d%|D|ҳx@'e;H|dLA-M]gWʺNA#h۱hq|}ko8OQG7RMگ=t()M:ʻ%x7oh'I^m#E$l2Y-tD:\WǺ'IBH<F}c1[QEEFLi͜ss{=zʎbl>_o__4^j3nr9qVK1ÚYqtA̅f!aie٪@7nhbbZVL
^[.a
L"c<IZdlvQk"pZ+|{3n>Eʴa)Q9*XIClK=1OXw	.ŽQ !TD4W`p]wΜsf
V3Ug9)~-U?o%L"S.Mv/`<~ޞ_?3,<q$|(Z<)uqU:O+?S9ؚISwN57NEK0IMei@epi}xv:c3|[r6
͙AYy<'Hd&sQdmͲkF l[P Y˒aI.LAz %Ak~&&C.7}?A7MOp45ngV&خr?W
j*?~ҝaWe>/cwbs}ľj%;թ;vOT0vΓ٩˓).vnЬLߙI	Oj=征&sY'УVitA4X"tm._,gzer.џD]~11s"ۂb}k+M1"+qTsxz_{u`0f1?y_Nt7.P^L{	nHw䓮x
0%b`8űYN|u^ݽu~7XAY{m
9м}^{֭ۤU_뗿IJ8JnwrvL-=ˮ>)c:J!6}TuU?O?z{l
rR܇w,Gni24^uVu#3>
x%0`b~kwGm{^oEi	h8_j%kRy֬{5K4`V"u+hbKx)WTpy&(8uJB?IPDq>Gf0K['zvghBcxĒA^f_5<!aluQM
Ac8_ߑ?<8P0޽oP`zLOw}-x?c,Xa][?CmzfxF+D_
O^ޱ#K؜hG>~x=̿{r~y"&-%qאDW<X# ))/Wws(&ZXCh	XADQ}%
RCufY#aF0<%+6QCqPˮ1<a=B;'u7.
l(E!(Jht9sf@c3̹bY\c%=I!;{nHW_>i'E(=Ơ&if!7ha"_vQ/vxPbh	ټ|<# ^גQlTax648%Pz_1Kw8ZW6뷅w|	+eLftDIErRjNy<2IS1a_Tg,lʟb,~':$(]+ސ|N\R!2x!y(L}y{ac?D1Ao0ݶ2XbG.mA,q̱h~w#4N\	-"o4"{Z9u%z>mGu[cQ6U	 s#Jϔ	LO#cf3}hhx>W"nyQR9ߴbnu
cДQ˿CNYև!?)	YcCU):<dy^\blx9#V὚_ɛv9zOW]tIbow8$eOSH_e_M/TͳO>exRStQsqYèV^6_b`y9V?Z9,Ԟ܇F?AuvG"8sT5`ES̳Tt/-1.V3M$fn~	`Y[Er3ss\PvZϓs:.4lJlƒh(鿣{}ȆV?8ѧ&Y;NE?-LxfW@=%/yw5Khcu#C>8R+H}%68c4z^ט&e=]>VfL%Nj<1'J>!̰RL.4&NrJ;a]5^d#Ds"`	ro$$;d0iGyC/%
#gw7u3myB%D	Lql\/$|gze3#?dy{\ewՍ۷w~(O&
+	$й}J&3w/1OHǘ'\fbsC}?u?$-A^u͓U2!ral0sOJL^)+J;h~gP]'
]#7'$Jv!6Ǎ"1#ߡ?%ۅqz H'fWx/0.J+Lc,eiPZ︝R]WL%1IoRwJ#363A;hhW~"f!G.]20aо?e|z9)'͙")=_*c#{OD2tŷf˜q{sߌo/dԈ9=d2cB#lBZ|z	>L~<QØkO%ZSeV%EڧjޢW<ӥ(y9{隧{)0~Z꯫g-CzI{	E+'{wjhez4?e @  @@ S<9;RGFC33kzn*zf׎=:xa\g`MO?ӇIQY/;u(AVZNSOnVW#=,_(P KIsMN~ϷY]r&6?s>=!}{"kIw)`O>sFҍR{d̳&Ӭrj[ӝZ(sIf%?lz35r2Qd7<^!9j}MR~Wl 2r<n.I$/KzźIؤCd`|J@džhνDtpp]{fBvOr燘
qM^c$<IJVSnfc:g`ң+Ch|>s'HtC&|s>>">XoCkKaM 3ui]uBA }m6	c!YSbzT[x~.0boNލQlrYNU(}굣=7i]y"XWiЧëH6TsyM|y+SX)ܦe9Tw_ZOݝ+O./;j<>^~tW1ͪiv6m`ȶɄ?x|}WWǰq?w?mgb<{^n%"-Wy5ŕW6qMK1
Jk7[0_Ec.AmB{HO/<8 ++ڍ>nR0l[~{.a~|1Fz'1nƗsR]ڎP))\ժZ7]kibl}W:YDrmb,㫜UkILiF Z>ejfkZ/7<+JE;/Z+Ůx-c38Uxzڽ|g~n.ǁjV]~6޿<`-[jK4odx{oa^)Wi*+Lw?>H=^{>Z* @@ ~ݠb)z2|}|л=t~1"hwi6ݛ?PuϺ"E&ͯSTXvıae_,`w®ZHvzˢrwLV{乽{T=[?DSzoRMZƸ4-GMvh*
6y*@27"y·JjЫ=ҝz{ZCl>MU6/PU,m`6eVgM::@ֽ{?Tb&Rs]IjAP;AG$~włPvEmIBOPUJICde$ءBxBx(k-d<AaiPmn)(Jn'+()
%'-(4|[pq$@~4$$.P\yIEUx\	P$?`$Y<CI}C@ZZ>ōOп#B$t2@L֫xR[8tٿlCC%x-?=l
o-Q.!Up*@,4%*2A
J4=[)WkbWQ:lRoPak+XLy_AtzRp+xEϚ.*
׵D_0sSRD/_`d5_pꆳTZRܮt<xSǢ2R)ʋkAy
z0`/R< )t)RXt]0AӤ~.p% {.ZK^SU[O0.u߭ӐH6"AIrX5zww,Y3:#͝f2+c3۬QnFuN9\g*❬33pÍ	uK:鈮vs/]	I:Ѭu#@Kw-9YdGl|4OrCQYXfCHV rUهEbaIPFTXSYdl?,YdA:U^9qjUUjgJ+gñ:m
2Vh$2FґdKK,Vxjc2V'†WR=@I,VA2V)GQXZ*2!a7gFLk#YXkA>5RQ/<d;NɮAlm`e]d=J+g	Ì鋒Y*I*"g#c K9&
7cSdx[rZ|Cboq2"aЪ`MA8(rQ 0nd8ºD|nGɑ+
2td+R+95bhaj˜nZ<2TՈUWXZQ2Za>+`衼ļ23fA4JYv@NFH( sED$c-m2
o2VCD'+
2d!刜+HH㬯(
H@,,`A2V8IEGavh5(,K9XXcQ5$cXdYȂdZam|k⮐aEQd0ɍga
"˒Hstj=rn΍2ZtSэga
"XQªU隻,,A+5wQX?]77f+2
ykVƨ׬_R^(z=]7M7fAeYXȬU2ی³5+KXgY΂tHEGavl5_F笯XXQYKJDΕ:gwӅA9,,Ax!]<@B ,,jAsVXQ
D
D r]ecga"ZŶlAsVҲڑYGw(A@p g-~fy;gJ`$L`
+hSml4Pcߚgl2@..Cf}k[~eb{!&gzs=0tYJ1Iʵd"F,ut8jdm
KB>ߴyE{2k3C_׼i0/0R7SU{)hla6+#f$5k3OY]'[,SOL%g @{X12H~mưsڗ%g*5^(dbVvc_X
z<>5DDƤ~[J,+k/n~%J1ci,bH?LIHɖXoXz<Sq	|G)go&mrK 5I֢KN1l"ǂ}&qj˛cp_q#J˶ lN5\gw?_dR7S)@m.ƽa:qچZuiJvqaՆޔ-4-IB^(c4ѯ\Nа1fec0dk͘.]VkK+{)	^30_v3ƁK1-ȹZU(M
x.#+1Q_0V4TP08SϑtLW+L/l׏(Xl%KR6=Nf&7%)KQxҢ푇~;A9ydYjXXfE;A|n	vÉ(tED˃Ɩ[_lqza~cH٭.3W¢+۲M9X|Au|ߦLmrL}}LZcsH[bN4$N<B<&]^z0& #\cNozi:  [HVL!^s>%65һqr)~5&H
H1:Z7"8l71ZRx/a\7[vf#dGYY1miQ\+V]$|~[r>Qc˿u.ocquB>}>ZBPC†ku+]{[Tmb+o|i7oHCJ7GY#,YSXh[m[?K-[+́\ssDDj`L8;7N1Cq
H~2
(퍛;Huw%CfM7QJ.o0Mi__N]3UCm=߆eHJ8fS\҃;XpZIfMD.<CoτKTpk6Mᘬ(7d/_ZU=lK9-wWH(RTDڞx:7	=E
|u9ɾD[ozܽ<=J.,mlxGz´Y	fCǤ=CwТb9N[%\ 
?RԸ$Kr>ti÷o.2"C<KkMt՛K馊&㱎;j2ä|9S)&qj7ľG֙_ɿk:T`3`E{)奵)J#>V*xxN_u*$oT\5WCihâLzw*gu^:q-vi?pgױ\ ϝIWiޞa7H6AKawaɘ^A\Cn
=;wp[3qƲT:`Z5tccf*.1LCӐgWRF'TrwLi(g;9ޒn׳UQDda;v8 ,Ҟv+\@ROВwpjSTNA]Y*}.QT.ǟ)ݞH
>"JaT8ZJ ^TU覞C$#M	I՝3%g!rMJZ|ln;h	ص;~=H\]J|]h{
*_QS`*EN{4	M,fupnHѐ˅Tfz20z`8#_63TOCRmXho\{;'蝍6P#oz<l`gluW	agDx\z;+boIv O9'8gD":'`(gp힨p6O7'a޾)oHwS/^Gxfxٞn6'r`6Zm'.y=Q`l<WsD[jAz6j'	dv'vd゚:Ե'$٩Gx"l<6DHO$+ Rtf8x"<Al(Ɖf_-xl<ꮿ7ͷv%,pAruzS0L86Pj:5C.9/Y˰xY<]G?\i[QךdנW0áH%ttNfGP֤(\ʶPhsM	*oM5%d#	s4]0(OZZrLK:E/DD16GuCA]\	fkL# Ps5a%%X1 1ɐZV$WB:
M%Ġ5 د`8hdI
Od(5znr$JPkYSB[!~IΤ&
W
t%4YRWBMҒ
p;P*)ɒ y
34"^P2GDg}DD|raUjRXQP	2L*@>zI|B4Jh#ҠD8|wcr)S!KBeYH:dGnKH)Vr`MGcG;+;9_~Y=CX;%),V  "vEUn1@;,%0EDh :Ax cX8L8w1&</r6G8]o!\!g _Cʴc,|ݕ
&cRڋBeB*Fq40ܖ|EciFHn9i9{qR+C+;h_9BXqcyZ>s-&I9	D;đi,N&]taHctcc,31C~떶"fCۯ}_K|[Ed_aa6suy`d/D'Jl`	Ĵ*aF=QiMN1dL,!)h	X&] uR;MYjwو~X'ĀWyZ, nBJL: 8NS.ALp44J(IA\S#Cx0d8ƈUODLw(rY3MDYIIaX$<g Щ#KH.Nm z#C1p?H_q9h(MY*K3]:Ii#7
r.i4gG,'Mlj	r(N&H|/NoNZxqʛ>bCDlBY,ޝ|
	MZ'?ϦjnF(/N&
)11sO,g.fM씗>^lzȨR5a-Ed JCqx$˹S#u|jt(	ʹ771vg@O&}Hp)GQlaD!Pgx#l?{	dv橪4Ý9"|r3)Ċ~J'N	(.}Ycq+akDfx_\XZOk[]ltKCĦԈU[\vQXqP?,_;TįCu&-`	xσ2c<McTB!ɲHȌuU<cRM^[-SxJ o#Τʵ6$.)GPkh!!2{4cTLz5σ'Oa+tM=ھ
+ѧ
k@z++;rNvqtђtl'qQQ#ڷfg4YSYC
F(]0Vѓ/F	tEDH+7Siz"i'x#%cx"VMlW$	hIB$.ԑ3JEv"4wubQ/U^>.lj:|ͩ<-<y.N%N<%[dkZpx25=m'(~'<Υ&-wxwzNKۍt4-
Ǔ='SƔ9NNz$j&RPH2'&(w#ᏞR:
!<F~H~{;B'ՙXyJ㉷	%LT9es}INR>S^Ut{9{]ތ Ќ h4.$jRҋ7e…j}*n
iqP,NM4vU"PjIbfmw|gWb!L|™Z&g|[Tvy}g^CZe~s<PG}TĸA.%I*PxW['1;
GGAcrT *[iҊ*V5TŎzU?4]ԐF#UFN]$z =ՂJXѢ2ޭ"QYXi~)Θ4i苅0-V])ٵ?i%`i@=ľ$<ǥ#/0@{@8,L5rՕ¾,J"ʲ{42a3=YY["ΐdNFp\REt{ `<N^C9(UWӓe#0UF;ony
)qib[ȥfB2qo~bH5l^;l	( bF8(=Rb2yV,M>4>Pj~9G5B&v˒#F$
hbDjEҁ9q"∪ьI5G99V,\'>*9%KF{<d~ZZ(^[KRqI)'F7n'ފL⮐e~:P4Tf栊^\sGH8RӤ#c7-Bdž"?+KQT1J5dr/ZZE%8bŖ
;<Q\YiKsav'AN^8!2xKAXA=燘x<q_}"$$
2J_!Jd$+l!e@&Їo\Sɠ%4PZ1_Qo3j8P L/\p1,.t$;1@ =h+CjYʨȧ$vc#R'
<D|⦪{(Hz`i"_Xk7"z%z34ៃ5鲋EiH2عyֿ'WW>f9&٫5oNry*
Q̓+!I_m5zڍؔ$Kd<d͋K3!E?TD5GᄬT$@,C'HȪ⣘`Vqj!=F;Rg6dPYžu}DI/B1p!0F$Շ%ZtO0#~DtQ]l"͑YjoAܫjhY[fnzƈGB{E,1[rc)^Kj÷<nJZ<{x&fV*:裧hǗ"LKI\;JD7,Q+6}E>ʻ+zQV|h}[rWFڥ0m/g5Kqnf/.L>*Lvkq\R9"dAk=
P}l<gu;uT\\-i-_ï9Yݹ멃M?74-KYinyPh&+-"0îlR4+RӸŔe"1+5ri1ovޓLZA6"5xF5c^O
k:jKMs׺C1I6E
]iNLLq:7%Ild)PK<TjzܳT*xSSk	HBȟVaUw.ӰɰXZDB_2M\vӔ#2l.B'{2?P1ޯvR'C^f+oǹ~ݬs=jeOkVދ,w*Nڭ^8ڬ/Bś&7zAӷ짵{G쯬nvi ̒BE~۶M(jʆ.U|ƺϾPf{mxK^͇\_JWps.pJX&.܇%kfronZ5؁KR]ΡpFwy"ٍrįOYS8b:ٕOr)=,cb-ίj2ka	ulc۟u`}[cRw
'\	-6J7oĪEQwyKb
Ӝ}iaٜZSmn2Qfoŧn##:j߼O^aϷz^sܢc4O6s]R8Es
b	U|gƹ_IgsZz*wH_0fFֆ{ohsh\mih(4IoCqN?OWs{-K-r)tno
NhzQ7+lzavtqʛV7Ϟ8gRlfu.o_w߲52`{b*bmbzunDSXds)
apn&%*f)X|[O~[#	UQS]=D0=v^/#Uz_=gLܫɑԀ^;b}0unU@PF!g@v0
?wq0(W	as`W0<N ǒ
*]/hg
(#17s)
b'Va!%&`QၵF/e)do6-|̨q¾f#N*Q+pd"^ZR8<$i#ƄY(8ߐShË5LT"
净LxM4)I:20T;|hcM>Lj!9KwՄpm0,P(c)sUW7'F*ȳ;.gLeÈOrVWk!m#Ckzymh9~kjPnvCeojiC{_mpqH!κWYtؖ$"f=CpPP|щcI1^!c2FT6!EAn#/*F\Ռ4!W'=00_>D_2]ByFgdO\ߑQ>S0DP!З,ڭ_	QHLfOx#uQV D>AJM2L8<}\|R,EʷG*kuʷ3DTK%s^CZNef1\k>n7\Vj%q]P~z#
G,v*ޗ'2owy(=3jOӧm-d>!dPv^~X?ROlõ-zB~lHw eϫd}~uڴ^e& v, c0Gcz2$\U^'g~Szદuo9c$}qEuMO6tBoFv_b/"߉g-j*ˑ~Z"X){q[5\ŐBpm
RfZPv~rXQTΥomqw6FC-J㵍cf\\Zq_*X3qBT
4`00``00`0	(YDpt&ex8v'-

Anon7 - 2022
AnonSec Team