Yes, you read the subject correctly. The project team I am on has a person on it who thinks he is a firewall god. With my proposal to implement ISA server to publish our internal Exchange severs to the world came a backlash of defiancy. This guy does not give ISA any respect and doesn't even consider it to be a firewall that can stand on it's own. The guy wants me to put my ISA server between two checkpoint firewalls. Yes you read correctly, he wants to put a firewall between two firewalls. Why, I don't know. Probably because he's defensive about his checkpoint and doesn't want to lose control of it or something. Anyway, can someone give me a good solid reason that will be worth putting in my gun and shooting as to why this should NOT be done. Is there any reason at all, technically, that ISA has to be connected to the same segment as the Exchange servers? Any reason at all? Say for the secure connection to OWA, SMTP, POP3, IMAP, NNTP, anything at all?? TIA and HELP!!!! Howard