I get it now. The reason you don't want to have a default gateway is so you can use rules that can't be got around!

Thanks.

Rob

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Monday, May 10, 2004 1:32 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Firewall Client & Default Gateway

http://www.ISAserver.org

Remember; many of the recommendations you read in books, articles, email (mine included) are exactly that; recommendations. If you have a different need for a particular purpose, then you should do what you need to to get your job done.

If you disallow default gateways for Joe(sephene) User, and you limit all outbound access to user-based rules, then they can't circumvent your ISA policies.

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://www.microsoft.com/isaserver
http://isaserver.org/Jim_Harrison
http://isatools.org
Read the help, books and articles!

----- Original Message -----
From: "Rob Moore" <RMoore@xxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, May 10, 2004 10:16
Subject: [isalist] Firewall Client & Default Gateway

Hello--

In "Configuring ISA Server 2000," Dr. Shinder writes, regarding configuring a firewall client with a default gateway, "In your production environment, you should not configure your firewall clients with a default gateway." (page 400)

Two questions:

1. Why not?
2. What about a few of us in IT who need to be able to ping? Should I configure these machines with a default gateway, or configure them as SecureNAT clients?

I guess that's kind of three questions. Oh, well.

Thanks,

Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Rob Moore, MCSE
Network Manager
American Friends Service Committee
215-241-7870
rmoore@xxxxxxxx

Our greatest glory is not in never failing but in rising every time we fall.
--Confucius

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')