Are you sure? I checked that page, and it had a good sized list of other browsers and their signatures (of course, they are being blocked now here). Oh, and I just got off the phone with SurfControl, the person I was talking to claims that the reason they can't filter SecureNAT sessions is because they can't get a "Source IP", the ISA server hides that, so they drop the packet from filtering. I passed on a summary of what David said he did to fix a possible similar problem, but he didn't seem to want to hear it. So, since a fix from SurfControl doesn't seem to be anywhere near being on the horizon, anyone have any ideas how to block all SecureNAT sessions? I have no problems with "requiring" all users to use the FWC. -----Original Message----- From: Ara [mailto:ara@xxxxxxxxxxxxx] Sent: Thursday, March 17, 2005 13:11 To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISAserver.org - Review of SurfControl Web Filter 5.0 for ISA Server 2004 http://www.ISAserver.org Oops! I forgot to post the link http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/commonapplica tionsignatures.mspx -----Original Message----- From: Ara Sent: Thursday, March 17, 2005 10:07 AM To: '[ISAserver.org Discussion List]' Subject: RE: ISAserver.org - Review of SurfControl Web Filter 5.0 for ISA Server 2004 Tom, Very good choice but where can I find signatures for other browsers? I have followed this link and it only provides IE, or can I create a rule that client header has to be IE?