Tom, as I said previously, we don't use ISA Server 2004 as a firewall at all, since the customer has already existing so-called hardware firewalls; we just want to use ISA as a proxy, with the interesting capability that it allows transparent authentication of Windows users thru their IE navigator ; by the way, I am not telling you suggest such a configuration in your manual;I understand this is a really limited way of using ISA, but, sometimes, you don't choose ... you have to do with the existing customer infrastructure ; but, I remember you refer the case where Web publishing could be done for services residing on the ISA machine itself (I don't have your book with me right now, but I think it is somewhere in chapter 4; I will check tomorrow) ; the following URL seems to tell similar thing : http://support.microsoft.com/default.aspx?scid=kb;en-us;885186 Apart from that, in your book,you also describe a configuration (with 1 single NIC adapter on the machine)where you suggest not to use the single NIC adapter network template provided with ISA 2004 ; could you tell me what would be better to do in such a case ? Last point, about my initial questions, do you have an idea about why the Web user access control (based on Access rules between Internal and URL, or Domain, or everywhere) only works when checking the "Require all users authentication" option under Network Configuration ==> Internal network ==> Properties ==> Web Proxy ==> Authentication (being know that my access rules are defined with groups of users , This would be helpful thanks in advance for your help