I have been playing around with ISA2004 over the last month to get a feel for it and to see how I should deploy it. The initial question I have is should I deploy the ISA Server in a separate Forest from the rest of the domain or not (all W2K3 servers). Is it as save if correctly configured as part of the domain? I understand the added security it provides by having a separate domain and a one way trust but are there any problems that will arise when I try to use other features? The Firewall will be used to provide: Outgoing HTTP, HTTPS and FTP Outgoing SMTP Incoming SMTP Incoming Client VPN's Site to Site VPN's Also does anyone know of a whitepaper/how to on setting up the two Forest configuration. Thanks Andy