Usually this is specific to the third party credit card processor - so you'd need to find out these details from them. In the passed I've seen methods from form redirection (no change to your firewall config) where the client is re-directed to the secure payment site or a COM object which establishes an SSL type connection to the payment gateway. Hope this helps. Regards Steven -----Original Message----- From: John Tolmachoff [mailto:isalist@xxxxxxxxxxxx] Sent: 21 May 2002 04:45 To: [ISAserver.org Discussion List] Subject: [isalist] E-commerce site in DMZ Anyone know of a good tutorial or documentation describing all the protocol definitions and packet rules for needed for hosting a e-commerce site in a DMZ with public addresses? I am especially looking for the outbound information needed to process credit cards with/through a third part credit card processor. John Tolmachoff IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com