Tom, could you please clarify for me on how to "force authentication"? I have the Firewall Policies set to authenticate to a user group instead of All Users, but I did notice there is a checkbox to "require all users to authenticate" in the Network configuration. When I enabled this, it repeatedly prompted everyone for a password, even if they were logged in correctly. -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Wednesday, March 16, 2005 22:42 To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISAserver.org - Review of SurfControl Web Filter 5.0 for ISA Server 2004 http://www.ISAserver.org Hi Ara, Good question. None that I can think of, because the hosts have to be configured as Web proxy clients for it to work. You can't use authentication to control this, because the Firewall client can authenticate too. I suppose you could disable=1 for the Firefox executable. That will cause the Firewall client to bypass connections from Firefox and then then when authentication is enforced, then they must be Web proxy clients since SecureNAT clients can't auth. That should work. Tom www.isaserver.org/shinder Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 MVP -- ISA Firewalls