This is confusing since I know that Server 2003 allows thousands and thousands of entries in a single ipsec rule and I foolishly assumed 2008 and above also did.
I had received the same error and thought it was due to an overlap: adding a subnet from which I had already added a single IP. I spent a great deal of time going through the list until I found the overlapping IP, but when I continued to get the error on future IPs and subnets I realized I needed to dig some more.
Years ago I had researched as much as I could and found a number of articles that stated 2003 did not have a limit. In fact I have one production server that has over 20000 entries in a rule. (That is not a typo; it took years to get to that number, adding on average hundreds per month.)
I am glad I found this article as it will save me a lot of time. I took the suggestion here and created a new rule and subnets that returned an error previously are fine in a new rule, so superuser answers a question for me once again.
It's too bad there is not an easy way to export and re-import single rules; the snap-in appears to only allow all or none.
Probably a way to do it with powershell, but I guess that should be another question thread. If there happens to be a thread that covers that here, would appreciate the search string to look for or a link.
Edited to add: My OS is Server 2008 Standard x64 SP2
This answer is not correct. See: http://superuser.com/questions/802355/windows-firewall-remote-ip-address-scope-list-limit/804534#804534 – Art – 2014-08-30T16:37:53.633
@Art I'll double-check if this is still an issue next week, but as of when I wrote this, I'm 100% sure it was the case. – kevinmicke – 2014-08-31T15:01:12.037
Check the answer in my question; the post in the MSDN forum is from one of the devs that works on Windows Firewall. I currently have 1500+ remote IPs in my filter and I can scroll the list just fine as well as add new ones both programmatically and via the GUI. – Art – 2014-08-31T17:44:39.533
@Art I checked out your question, and just wrote a little PowerShell script to check this. At least on my server, this limit of 1000 is correct. My script added 0.0.0.0 through 0.0.3.231 (1000 IPs) without issue, and then errored out on all of the ones after that. I then checked if I could add the 1001st IP via the GUI, and got this error message. Regardless of what anyone says on a forum, this is the reality on my server, so I believe my answer is correct. What version of Windows and Windows Firewall are you running where you could add more than 1000? – kevinmicke – 2014-09-03T21:38:46.790
There seem to be different limits in different versions of Windows. I can easily add thousands of IP blocks to one rule in the current version of Windows 10, but the same script fails on a Windows 2008 R2 server. – needfulthing – 2018-08-28T15:22:12.223
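The workaround the answer describes (start a new rule once one rule stops accepting addresses) and the follow-up question about exporting a single rule's address list can both be scripted. The script below is an added example, not code from the original answer or any of the comments. It uses the Windows Firewall COM API (HNetCfg.FwPolicy2 / HNetCfg.FWRule, present since Vista/2008), so it runs on the Server 2008 versions discussed here without the NetSecurity module that only ships with 2012/Windows 8 and later, and it is not subject to the command-line length cap that a long `netsh ... remoteip=` argument would run into. The rule-name prefix `BlockList`, the default chunk size of 1000 (the per-rule limit reported in the thread for 2008/2008 R2) and the sample address list are assumptions.

```powershell
# Added example (not from the original answer or its comments): split a large
# remote-IP list across several Windows Firewall rules so that no single rule
# exceeds the per-rule address limit, and read back the address list of one
# rule by name. Uses the Windows Firewall COM API (Vista/2008 and later).
# Rule-name prefix, chunk size and the sample list are assumptions.
# Run from an elevated PowerShell prompt.

$Policy = New-Object -ComObject HNetCfg.FwPolicy2

function Get-RuleRemoteAddresses {
    # Export the remote-address list of a single rule by name (the per-rule
    # export the answer asks about). Returns an empty array if the rule is absent.
    param([Parameter(Mandatory = $true)][string] $Name)
    try { $rule = $Policy.Rules.Item($Name) } catch { return @() }
    if (-not $rule.RemoteAddresses) { return @() }
    return @($rule.RemoteAddresses -split ',')
}

function Set-ChunkedBlockRules {
    # Create inbound block rules <Prefix>-001, <Prefix>-002, ... each carrying
    # at most $ChunkSize remote addresses. Existing rules with those names are
    # replaced so the script can be re-run with an updated list.
    param(
        [Parameter(Mandatory = $true)][string[]] $Addresses,
        [string] $Prefix    = 'BlockList',   # assumed naming scheme
        [int]    $ChunkSize = 1000           # per-rule limit reported for 2008/2008 R2
    )
    $unique  = @($Addresses | Sort-Object -Unique)   # exact duplicates only waste slots
    $created = @()
    for ($start = 0; $start -lt $unique.Count; $start += $ChunkSize) {
        $end   = [math]::Min($start + $ChunkSize, $unique.Count) - 1
        $chunk = @($unique[$start..$end])
        $name  = '{0}-{1:D3}' -f $Prefix, ($created.Count + 1)

        try { $Policy.Rules.Remove($name) } catch { }   # ignore "rule not found"

        $rule = New-Object -ComObject HNetCfg.FWRule
        $rule.Name            = $name
        $rule.Description     = 'Block list chunk {0} ({1} entries)' -f ($created.Count + 1), $chunk.Count
        $rule.Direction       = 1        # NET_FW_RULE_DIR_IN
        $rule.Action          = 0        # NET_FW_ACTION_BLOCK
        $rule.Profiles        = 7        # domain + private + public
        $rule.Enabled         = $true
        $rule.RemoteAddresses = $chunk -join ','
        try {
            $Policy.Rules.Add($rule)
        } catch {
            # An over-limit or malformed list is rejected by the firewall service;
            # report which chunk failed instead of leaving a half-written rule set.
            throw ('Could not create {0} with {1} addresses: {2}' -f $name, $chunk.Count, $_)
        }
        $created += $name
    }
    return $created
}

# Constructed sample input: two documentation subnets plus 2500 host addresses
# from 10.0.0.0/16, enough to force three rules at the default chunk size.
$Sample = @('203.0.113.0/24', '198.51.100.0/24') +
          (0..2499 | ForEach-Object { '10.0.{0}.{1}' -f [math]::Floor($_ / 256), ($_ % 256) })

$Rules = Set-ChunkedBlockRules -Addresses $Sample
foreach ($r in $Rules) {
    '{0}: {1} remote addresses' -f $r, (Get-RuleRemoteAddresses -Name $r).Count
}
```

Two things to keep in mind when using it. The COM getter returns each entry with a dotted mask (for example `10.0.0.1/255.255.255.255`), so a list exported with `Get-RuleRemoteAddresses` can be fed straight back into `Set-ChunkedBlockRules` to recreate the rules on another machine. And, as the last comment notes, the limit differs between Windows versions, so `-ChunkSize` is the knob to adjust: leave it at 1000 for 2008/2008 R2, or raise it where a probe like kevinmicke's shows a rule accepts more.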