By default Sygate has allow as server - checked, I didn't know until I clicked on the applications and then advance, I unchecked all of them.
Yes, that is true and the excuse used by Sygate is that it is the default setting of Windows, but in my opinion that is a poor excuse and is contrary to good security. So yes, on install or upgrade you have to go through and manually uncheck Act As Server for all of the applications that are listed in the Applications settings and as new applications are opened that attempt to access the internet. It is the one thing about the program that I hate.
When I say I allowed incoming traffic, I mean I set up an advanced rule for IE not to allow traffic on TCP ports 0-79,81-109,111-442,444-8079,8081-65535.
Ok, it would probably be useful if you post the rule you created so we could review it. There are two basic approaches to FW rules: Allow-all (allows all packets that are not specifically listed in a rule to be denied) and Deny-all (allows no packets except those that are allowed by a rule). Sygate by default is a Deny-all FW. This means it will only allow traffic for which you have either created a specific allow rule or that is allowed by your Application settings. Keep in mind the Application settings are really just really general rule sets. Also, when creating your rules remember that Sygate, like most rules-based firewalls, works In Order, or the first rule is applied before the 2nd, 3rd, etc. That is why you have the arrow keys on the advanced rules for moving rules that you create to change the order.
Now, before I go on let me say Pak or Spacecowboy at the Sygate forum are by far more advanced rule makers than I, but looking at your rule above it seems to me you are taking the Allow-All approach, in that you are specifying what should not be allowed rather than what should be. That said, there is an easier way to achieve what it looks like you are attempting.
1. Create a rule or rules for what you want to be permitted
2. Make the last rule for any application a Block All rule
3. Once you are sure your rule set is good, go to the Application settings and uncheck all boxes. This will ensure that only your Advanced rules are applied. Otherwise Sygate will go to the Application settings after going through your rule sets.
Now for your specific rule, what you have described so far doesn't specify anything about the direction of traffic being allowed or denied so I can't tell how it would affect incoming/outgoing traffic. But these are the conditions that would allow incoming traffic (keep in mind this doesn't mean all incoming traffic--just unsolicited incoming traffic).
1. Act As Server is selected in Application Settings for that particular application (make sure to check all of the Windows services as well)
2. Your advanced rule has "Action: Allow This Traffic" selected, and "Traffic Direction" is selected as either incoming or both.
So yes, it is not necessary to specifically create rules for which ports should not receive incoming traffic. You should create rules for what outgoing traffic is allowed and then end it with a separate block all rule. This block all rule is probably not necessary but it creates a bit of extra insurance to ensure that only those conditions you have set are actually happening.
Here is an example of one of my rule sets for Kazaalite:
Rule 1
Rule Summary:
This rule will allow outgoing traffic to all hosts on TCP remote port(s) 1024-4999,80 and TCP local port(s) 1024-4999,80. This rule will be applied to all network interface cards. This traffic will be recorded in the 'Packet Log'. The following applications will be affected in this rule: Kazaa Lite.
Rule 2
Rule Summary:
This rule will block both incoming and outgoing traffic from/to all hosts on all ports and protocols. This rule will be applied to all network interface cards. The following applications will be affected in this rule: Kazaa Lite.
Now I could tighten that rule by restricting the remote ports to only 1214 and 80 (default for Kazaa). The trick to creating rules is reviewing your logs. Your Traffic and Packet logs are key for this. It not only gives you the basic road map for how to create the rule to start with but also how to fix it if it is too tight. Also for applications such as an auto update function of a particular app, you can use the logs to see what the IP addresses are that the app is dialing back to and use this to restrict the rule down to only those specific IPs. Again, it is a matter of trial and error and reviewing your logs.
Also you could get a jump start by going to PC Flank. They have rule sets for most common applications. Just keep in mind that their rule sets are a bit liberal. Also again, the Sygate forum should be good for getting other examples.
http://www.pcflank.com/index.htm
Also, make sure to select "Record this traffic in the Packet Log" on the front of all of your rules. Otherwise the application of that rule will not be recorded. I hope that helps.
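
An added illustration, not part of the post above and not Sygate's own code: a small Python model of the evaluation order the reply describes (advanced rules applied first to last, then the Application settings, then deny), run against the Kazaa Lite rule set. The names `Rule`, `decide` and `packet` are hypothetical, the sample packets are constructed, and only the Act As Server box is modeled for the Application settings.

```python
from dataclasses import dataclass

@dataclass
class Rule:
    app: str
    action: str               # "allow" or "block"
    direction: str = "both"   # "in", "out" or "both"
    protocol: str = "any"     # "tcp", "udp" or "any"
    remote_ports: tuple = ()  # (low, high) ranges; empty means every port
    local_ports: tuple = ()

    def matches(self, pkt):
        def hit(port, ranges):
            return not ranges or any(lo <= port <= hi for lo, hi in ranges)
        return (self.app == pkt["app"]
                and self.direction in ("both", pkt["direction"])
                and self.protocol in ("any", pkt["protocol"])
                and hit(pkt["remote_port"], self.remote_ports)
                and hit(pkt["local_port"], self.local_ports))

def decide(pkt, rules, act_as_server=()):
    """Return (verdict, reason) for one packet; the first matching rule wins."""
    for n, rule in enumerate(rules, 1):
        if rule.matches(pkt):
            return rule.action, f"rule {n}"
    # No advanced rule matched: fall through to the Application settings.
    # Simplification: only the Act As Server box is modeled here.
    if pkt["direction"] == "in" and pkt["app"] in act_as_server:
        return "allow", "Act As Server"
    return "block", "default deny"

def packet(direction, remote_port, local_port, app="Kazaa Lite", protocol="tcp"):
    return {"app": app, "direction": direction, "protocol": protocol,
            "remote_port": remote_port, "local_port": local_port}

# The two-rule Kazaa Lite set from the post.
PORTS = ((1024, 4999), (80, 80))
ALLOW_OUT = Rule("Kazaa Lite", "allow", "out", "tcp", PORTS, PORTS)
BLOCK_ALL = Rule("Kazaa Lite", "block")
RULES = [ALLOW_OUT, BLOCK_ALL]

if __name__ == "__main__":
    out = packet("out", 1214, 2000)          # constructed sample packets
    unsolicited = packet("in", 3000, 1214)
    server = {"Kazaa Lite"}                  # Act As Server left checked
    print(decide(out, RULES, server))                   # allowed by rule 1
    print(decide(unsolicited, RULES, server))           # blocked by rule 2
    print(decide(unsolicited, [ALLOW_OUT], server))     # falls through to Act As Server
    print(decide(out, [BLOCK_ALL, ALLOW_OUT], server))  # wrong order: blocked by rule 1
```

The third call shows the fall-through the reply warns about: without the final block rule, and with Act As Server still checked, the unsolicited inbound packet is allowed.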