Nfuse runs on top of IIS - ISA would publish the website as it would any other, you could also offload the SSL encryption of the site to ISA. CSG does pretty much the same, except Citrix offload all SSL traffic including all the connectivity to it. So to answer your question, you would just publish the websites behind the ISA firewall nothing abnormal. Some things to think about regarding ISA, If you want to run a redundant system you will need to run Windows 2003, Windows 2003 supports multiple NLBS groups so you can load balance incoming and outgoing connections (Oh and don't load the ISA client on your servers!). We had problems with this and found when we lost one of the firewalls we had to migrate the IP address (which admittedly isn't difficult) to one of the other machines (third party scanning DLL's for ISA are problematic - 'ye 'ol blue screen of death [be warned!]). Another problem which we found pertained to the applying of service packs to the OS, the question is - do you want to constantly apply hotfixes and service packs to your firewall, can you take it down every time? Taking this into account ISA does have some nice features and it's because of this I know of quite a few people who have opted for a dual firewall approach with the ISA behind a FW1 or PIX. (One of which if you are wondering, ISA supports an RPC filter which in theory allowed you to connect Outlook directly to Exchange over the Internet - which of course is not necessary now with RPC over HTTP in Exch2003) My 2c (This doesn't mean this is how my network is configured - for those who think like that) :) Regards Steven -----Original Message----- From: Evan Mann [mailto:emann@xxxxxxxxxxxxxxxxxxxxx] Sent: 16 September 2003 04:33 To: 'thin@xxxxxxxxxxxxx' Subject: [THIN] Nfuse and ISA server I'm deploying an ISA server to handle all my DMZ traffic. The ISA server will be the only machine in the DMZ. My web servers, ftp servers, OWA servers, etc., will all be behind the firewall I'll be moving from Win2000 TS to Citrix in the coming months. I plan to exclusive use NFuse and want to have everything SSL secured. I know the preferred methods are to use Nfuse with CSG. How would an ISA server interact with Nfuse and CSG? ******************************************************** This Week's Sponsor: ThinPrint http://www.thinprint.com ********************************************************** Useful Thin Client Computing Links are available at: http://thethin.net/links.cfm For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thethin.net/citrixlist.cfm ******************************************************** This Week's Sponsor: ThinPrint http://www.thinprint.com ********************************************************** Useful Thin Client Computing Links are available at: http://thethin.net/links.cfm For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thethin.net/citrixlist.cfm