Hi Alejandro, I guess I don't understand your scenario, if the ISA firewall is inline, everything goes through the firewall and all connections are exposed to stateful filtering and stateful application layer inspection. Tom www.isaserver.org/shinder Get the book! Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 MVP -- ISA Firewalls -----Original Message----- From: Alejandro Fernandez [mailto:fernandeza@xxxxxxxxxxxx] Sent: Wednesday, August 11, 2004 11:56 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: HTTP traffic and routing http://www.ISAserver.org Anyone?? My boss want's to implement another firewall solution and I'm trying to defend ISA!! What he wants to implement is the following. We have a router with 2 Internet connections attached to ISA's external interface. He want's the router to make the NAT so with policy routing he can decide which link the traffic should follow. ISA should only route the requests from SNAT clients on the Internal to the External if they are approved according to the firewall rules. If the clients are web proxy the requests should leave with ISA's external Interface IP address. Is this possible? I really want to implement ISA and not the other firewall.... TIA Alejandro -----Original Message----- From: Alejandro Fernandez [mailto:fernandeza@xxxxxxxxxxxx] Sent: Martes, 10 de Agosto de 2004 04:26 p.m. To: [ISAserver.org Discussion List] Subject: [isalist] RE: HTTP traffic and routing http://www.ISAserver.org Yes Tom, I have read them, they are great! I was missing the newest article, that made it. Now I have a new question also related to this. I set ISA to route between the Internal network and the External network. On the host on the internal network no proxy configured. I create a rule to allow HTTP and ICMP between Internal network and External network. As far as I understand this shouldn't work (I shouldn't be able to get out as I have a private IP range) and it doesn't for ICMP or other protocol but it does for HTTP. I am able to browse web sites so I asume ISA is doing NAT on HTTP requests. Is there any way to configure this behaviour? Just trying tu fully explore ISA before implementation... Thanks, Alejandro Fernández fernandeza@xxxxxxxxxxxx -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Martes, 10 de Agosto de 2004 03:18 p.m. To: [ISAserver.org Discussion List] Subject: [isalist] RE: HTTP traffic and routing http://www.ISAserver.org Hi Alejandro, Have you been reading the DMZ articles over at www.isaserver.org? Tom ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx