I am fairly new to the ISA 2000 server. I am already reading few books (except Tom Shinder's books, which I couldn't find any in my local Barnes and Noble or other stores). Each time I read an ISA book, I come away with more questions and confusion. So, if someone can address the following potential FAQ questions, I would really appreciate it. 1) What exactly is the difference between SecureNAT(snat) and Firewall clients? The only thing that I seem to grasp is that firewall client allows you to log authentication information, accepts requests from Winsock apps and performs DNS lookup itself. 2) Do snat and firewall clients contact firewall service on the ISA server or each has its own service to contact in ISA. 3) And once they make contact with firewall service, if the request is for webpage, do they always use HTTP redirector? If I disable the HTTP redirector, how snat and firewall clients send out http request to internet assuming webproxy client is not configured on these clients? 3.1) I read somewhere eventhough incoming request came from different external NIC IP number, any outgoing response always goes out using the primary external NIC IP. Is my understanding correct? If it is, how the internet clients know that the response it receive is from correct source? 4)Do webproxy, firewall and snat clients have to go through the same rules and policies before going out to the internet? I mean do they go through each of the following policies each time a request was made from internal clients? a) protocol rule b) Site and content rule c) IP packet filterings 5)Can I still access HTTP pages on the internet, if I disable the webproxy service? Or is web proxy service an absolute requirement for any internal clients to go out to the internet websites? Thank you --------------------------------- Do you Yahoo!? Express yourself with Y! Messenger! Free. Download now.