Lately, I`ve been asked to make a comparison between ISA and other firewalls, such as PIX and FW1. One thing that`s been nagging me, is the ability to have a DMZ and do stateful inspection on Traffic there. I`m aware that ISA does in fact do stateful inspection on traffic outbound traffic and Traffic initiated by published server rules. My question is this: Does ISA perform stateful inspection on traffic to a DMZ zone via packet filters ? The reason this is not obvious is the 3 types of traffic configurable in a packet filter; Inbound, Outbound and both. I`ve noticed that for example a filter like TCP 3389 inbound would allow Terminal services to be used on the ISA machine - but a typical oldfashined filtering firewall Would require a filter allowing both Inbound AND outbound access. Stateful inspection would Account for this. I`ve found no literature to back this up though...any thoughts ? Regards, David Elmquist