I'm looking at this problem for 2 days now..... Help me please :D Using: WS_FTP95 LE When an internal client (SecureNAT) behind the isa server is connecting to a FTP site, there's no problem at all if it's in active mode. In passive mode, can connect without problem, upload without problem, change directory without problem..... but cannot download any files... check this exemple (trying to download): 227 Entering Passive Mode (XXX,XXX,XXX,XXX,4,44) connecting to XXX.XXX.XXX.XXX:1068 - - connecting to XXX.XXX.XXX.XXX ... Connected to XXX.XXX.XXX.XXX port 1068 LIST 150 Opening ASCII mode data connection for /bin/ls. Received 1078 bytes in 0.1 secs, (100.00 Kbps), transfer succeeded 226 Transfer complete. CWD colwin50 250 Directory changed to /e:/pub/clients/250506/colwin50 PWD 257 "/e:/pub/clients/250506/colwin50" is current directory. PASV 227 Entering Passive Mode (XXX,XXX,XXX,XXX,4,66) connecting to XXX.XXX.XXX.XXX:1090 - - connecting to XXX.XXX.XXX.XXX ... Connected to XXX.XXX.XXX.XXX port 1090 LIST 150 Opening ASCII mode data connection for /bin/ls. Received 521 bytes in 0.1 secs, (50.00 Kbps), transfer succeeded 226 Transfer complete. receiving colcla32.zip as colcla32.zip (1 of 1) TYPE I 200 Type set to I. PASV 227 Entering Passive Mode (XXX,XXX,XXX,XXX,4,71) connecting to XXX.XXX.XXX.XXX:1095 - - connecting to XXX.XXX.XXX.XXX ... Connected to XXX.XXX.XXX.XXX port 1095 RETR colcla32.zip 150 Opening BINARY mode data connection for colcla32.zip (2339925 bytes). And it freezes there....... On my ISA Server 2000 SP1, in protocol rules, I set a rule with the FTP DOWNLOAD ONLY protocol (application filter). I tried the FTP protocol (application filter). I did a lot of test... When passing from the other side of the ISA, it works perfectly..