I have a small lan (1 win98 client with a win2k server sp2 running exchange server, isa server sp1) this network is attached via wireless ethernet to a dsl router. The plan is to make the win2k server a low volume public machine (email, web pages, ftp) public ports (25,etc) are mapped to the win2k server. In an attempt to secure the win98 client from the win2k server. I installed isa sp1. ISA was installed as a stand alone integrated server, with the lat table showing all the internal addresses including the internally pointing server nic. Allow rules for site and content as well as protocol permitted any request. Protocol filters were added to the defaults to include snmp, pop3,smtp and telnet. All filters were enabled. Packet filtering is enabled. There are no policy elements for this array. Isa logs are configured for maximun logging. The immediate problem was managing the wireless device with snmp (port 161 and 162). SNMP management software for this device was not able to connect to the device without stopping the ISA server control service,stopping web proxy, firewall service, routing remote access has no effect. Pinging the private ips in the lan works, telnetting to the router does not (despite making a protocol rule allowing this). SMTP outbound traffic has worked. Web browsing works with and without isa server control running. Pinging outside the private lan does not work. Stopping the ISA server control service permits me to ping outside the private lan and telnet to the router. The Isa logs, when the isa server control service is running, shows dns requests/responses allowed, some pinging permitted, but everything else blocked. The event logs(application and system) show noting unusual. I removed isa and reinstalled it. Tried everything above with same results, then installed isa sp1 again making no difference. Except the client win98 can no longer retrieve pop3 mail even with isa server control stopped although sending mail works. It is obvious that starting and stopping the isa server control service blocks and allows port traffic. I have no clue what within ISA is causing the problem. Can anyone suggest something. Many thanks dick kessler From the isaserver.org website Packet filtering should always been enabled when the ISA Server is att the edge of the network. When the ISA Server has an interface with the Internet, you can make sure that no ports are open inadvertently by enabling packet filtering. By default, the only traffic that will be allowed when packet filtering is enabled are some ICMP filters required for basic network management, and the DNS filter which allows the ISA Server to make DNS queries on the behalf of ISA Server clients on the internal network. All the above is happening, it is as if I don't have packet filetering enabled or allow rule set up, anyone with an idea?