Generally speaking, all application filters are IP-ignorant. ISA recognizes a particular protocol and if a related application filter is installed and active, ISA passes the traffic through the appropriate filter for further processing. This is the heart of ISA's L4+ smarts. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ Read the books! ----- Original Message ----- From: "Cristian Bratu" <cristian.bratu@xxxxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Thursday, June 27, 2002 7:49 AM Subject: [isalist] Re: DNS intrusion filter http://www.ISAserver.org Thanks Jim, Your answer is correct, the external DNS is making the transfer on a high port (above 1024), but what I dont understand is: the filter is "filtering" the traffic that I permit or all the DNS ZT traffic that arrives at my external network adapter? And if it filters all the DNS traffic, it does that before or after the IP packet filters? And if I have two different IP addresses on the external interface does it filters the traffic targeted at both addresses? These are my concerns because there is no configuration possible on that application filter. Thank you very much. Cristian Bratu MCSE, CCNA ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')