We've inherited support of an SBS 2000 machine. Until recently it was one-nic connected (using a LAN connected PIX as a firewall). Various issues pointed towards using the ISA server in SBS so an extra NIC was added, LAT updated, rules created and all looked good. The server is definately in Integrated mode. Some recent investigation discovered that ISA isn't actually blocking any traffic. Rules have been reviewed (removed and re-added) but it just doesnt seem to want to bother blocking access to non-published services. From what we can see all ports are open to the outside world. Not a happy situation. Any ideas how we might force ISA into doing its job again? many thanks, Iain.