I know this question has been discussed in the past but I am concerned about whether or not I should install the FWC on all of my User Workstations or not. Any help would be greatly appreicated. SITE 1: ISA Server 2004, Ext Interface Connected to "Internet" Router. Internal Interface connected to 192.168.10.x subnet that has a PPP connection via a second router to SITE 2 and SITE 3. All Servers (mail, web, domain et al local to site 1. SITE 2: Connected to Site 1 and Site 3 via PPP. Local subnet 192.168.20.x. No direct connection to the Internet. SITE 3: Connect to Site 1 and Site 2 via PPP. Local subnet 192.168.25.x. No direct connection to the Internet. SITE 2 and SITE 3 connect to the Internet via the ISA Server on SITE 1. Question: Should I install the FIREWALL Client on all Desktops at EACH SITE. In Tom's book there are references to using both the Secure NAT and the FWC on the remote subnets. I am confused by this. Also, I reply by Thor (grealy appreciated btw) references installing the FWC on the Desktops at the Remote sites but using their local router as the DGW. Ideally, I want to install the FWC on ALL Computers, including the Exchange Servers, DNS, and DC for the added secure communications. But I am not sure if I should do this. I have a lab setup but it is a single subnet lab. Thus, I don't have the equipment to truly test this. If I install the FWC on the desktops of the remote Clients and Servers, should I then put their local router as their DGW? Thank you for any commnets. PS- I really like this board. I have been reading it daily since I discovered it. thakns for all the posts.