One of our engineers claims that the Microsoft ISA server is not a proper firewall because, if you create a tri-homed DMZ scenario, the DMZ uses real IP addresses and simply routes allowed packets through to the server. He says that a simple router would perform the same task. Is this true? Does anyone have any comments on this - according to Microsoft having web servers in the DMZ is more secure than using server publishing from the LAT. I'd be grateful for any comments or links to articles which discuss this. Thanks in advance Tim Ray