Hello All, I would like to get some feedback on a design issue. I am proposing to implement a back-to-back firewall solution to a customer. My intension was to have both the external and internal firewall servers in Integrated mode. Thereby facilitating the DMZ using a private address scheme and also leveraging from a firewall and proxy cache chain. The alternative, of course, is to have the external firewall in firewall mode and the internal firewall in Integrated mode. The internal ISA will act as a forward cache server only. The web service in the DMZ would then require a server publishing rule rather then a web-publishing rule. Can anyone provide some feedback so I can calrify in my own mind what the best approach is? Thanks in advance.