Thanks guys for all your feedback but I think Armando has got the best answer as to why NOT to put a default GW on your FW clients - that being that if you have a routed network then ALL non local subnet traffic will be sent to ISA wether or not it is ultimately destined for the internet therefore putting unnecessary burden on your ISA server. And yes and as Jim, Brian and others have pointed out you may want to do this as a form of security since withOUT a GW non winsock and non tcp\udp traffic could not be sent to the internet from the FW client. BTW Jim did you suggest that client DNS lookups do NOT use winsock calls since they occur at a lower level? Nigel -----Original Message----- From: Armando Treviño López--- [mailto:armando.trevino@xxxxxxxxxxx] Sent: Thursday, 29 November 2001 3:54 Subject: RE: Why Tom recommended NOT to use a gateway for FW- Clients Another issue is that if you configure all computers as SNAT clients, all IP traffic is routed by the ISA server (Not only internet, but also intranet traffic if you have different networks in your LAN or WAN). So maybe this will use more server resources.