Rule Settings: (Since I'm alittle more paranoid than most I don't share specfic info without an NDA, I'm going to use generic names and fake IPs. :-) ) Action:Allow From:External To: Server: mail.mydomain.com Checked Forward original host header instead of actual. Radio button, - Request appear to come from the ISA Server. Traffic: Filtering HTTPS Listener: Name - OWA HTTPS Listener Networks - External Port - 443 Authentication method: OWA Forms based Always authenticate - Yes Public Name: mail.mydomain.com Paths: <same as internal> /exchange/* (YIKES, could this be it?) <same as internal> /exchweb/* <same as internal> /public/* / /Exchange\* (Redirect I read in another article) Bridging: Checked Redirect requests to SSL port. Users: All Users Checked forward basic authentication requests.