A network is protected to a very large extent, simply by installing the MS ICS (which is in effect a NAT proxy software, and therefore allocates reserved IP addresses to both PCs). The Norton/Sygate/ZoneAlarm firewall does not give any significant additional protection to the network for *incoming* IP packets.
However, the ICS software, as well as Norton/Sygate etc, will treat any *outgoing* IP packets as valid, if they originate from the 2nd PC.
Therefore, to obtain any significant benefit for the 2nd PC on an ICS network (i.e. the PC that is not the 'gateway' PC), it is necessary to install a software firewall on that 2nd PC.
Then, and only then, any outgoing IP packets are checked to ensure that they are being sent from an 'authorised' program or process.
Remember that NAT protection only checks that IP packets have a valid originating IP address (NAT protection is provided by proxy software such as ICS, and cheaper hardware routers).
Software firewalls check that a program has permission to send/receive.
This thread is now locked and can not be replied to.