Hello all!

I have almost nearly finished deploying ISA here at work. The last step is to get all the web servers working properly in the DMZ. I have set the perimeter up as a tri-homed DMZ because it presents the least amount of trouble from a DNS name resolution perspective. As I understand it, you need to use packet filters to allow the internal SQL servers to talk to the IIS servers in the DMZ. The internal network is 192.168.xxx.xxx. The external NIC on ISA is XXX.XXX.77.XXX and the DMZ NIC is XXX.XXX.73.XXX.

What I have been wrestling with is how to create the packet filters to allow the internal SQL servers (3 individual and 1 SQL cluster) to communicate with the DMZ IIS servers (4 web servers and 1 "web cluster"). I have researched this on the message board, through the archives of this mailing list, and I have also read Tom's book. Everything else with ISA has gone as smooth as gravel (show me a tight firewall that is easy to configure, I dare you LOL), but once I figured out what I was doing wrong I managed to get it working. This one has me a little stumped, though.

I know the ports I need to give access to are 1063, 1078, 1433, and 1434. What I don't know is how to set up the custom filter. The protocol is TCP, but here is where the confusion starts. Should the direction be both or just outbound? I know that ISA will open up a port for the returning information, but does this affect the setting under the custom packet filtering? For the local port setting, I don't know if I should set up the specific port I need or just use the dynamic setting. On the remote port setting, I am also unsure of what to set.

The next screen also presents me with issues. For this specific scenario, do I set these filters for ISA's DMZ interface or for the specific IP addresses of the IIS servers residing in the DMZ?

Thanks for any and all help in this matter!!

Cleverly disguised as a responsible adult.

Joe DeNave
Network Administrator
jdenave@xxxxxxxxxxxxxxx