Hi Rob, Since I wrote it, I'll tell you my reasoning: 1. Because users can access ICMP and PPTP (if you have enable PPTP passthrough) without authenticating because the secret filters that allow outbound access to these connections do not support user/group authentication, and that's no entirely secure, and packet filters can't control outbound access from LAT hosts. 2. Assign yourselves a default gateway, then you can access these protocols. HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA 2004 Beta - Get it now! http://www.microsoft.com/isaserver/beta/default.asp ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Rob Moore [mailto:RMoore@xxxxxxxx] Sent: Monday, May 10, 2004 12:17 PM To: [ISAserver.org Discussion List] Subject: [isalist] Firewall Client & Default Gateway http://www.ISAserver.org Hello-- In "Configuring ISA Server 2000," Dr. Shinder writes, regarding configuring a firewall client with a default gateway, "In your production environment, you should not configure your firewall clients with a default gateway." (page 400) Two questions: 1. Why not? 2. What about a few of us in IT who need to be able to ping? Should I configure these machines with a default gateway, or configure them as SecureNAT clients? I guess that's kind of three questions. Oh, well. Thanks, Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Rob Moore, MCSE Network Manager American Friends Service Committee 215-241-7870 rmoore@xxxxxxxx Our greatest glory is not in never failing but in rising every time we fall. --Confucius ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')