Hi Tom, That is a frequently asked question, but I think its more of a design question rathar than something that can be fixed or "done". I suppose the design philosophy was that if a protocol were so poorly designed, OR required such a complex set of negotiations, that it would be better to let an ALG handle the connections, rather than having Protocol Rules deal with them. What type of applications are you thinking of? Online games? Thanks! Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Tom Mendelboim [mailto:tomerm1@xxxxxxx] Sent: Saturday, March 08, 2003 1:11 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Idea for new question list http://www.ISAserver.org How about why ISA cannot have a protocol definition that can be defined to open a range of ports (not secondary ports) for incoming or outgoing? -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Thursday, March 06, 2003 2:24 PM To: [ISAserver.org Discussion List] Subject: [isalist] Idea for new question list http://www.ISAserver.org Hey folks, I was wondering about starting a new list of questions that I could maybe present to the Microsoft folks regarding ISA Server. These are questions that have been asked many, many times over the last two years and there's never been an answer to them. Now, I'm not talking about Frequently Asked Questions (FAQ) that are just asked because the person hasn't done his homework. I mean those tough questions that have ben extant over the years and there's just no answer for them. For example: * Why do VPN gateway links just "die on the vine" and are not automatically re-established and the RRAS console shows the connect is still alive? * Why do so many people see an error regarding the upstream proxy being unavailable, even though everything seems to be working correctly? * What do DNS server publishing rules die and not come back until you restart the IPNAT service? * How do you stop NetBIOS node adapter status queries from taking place when the ISA Server is attempting to do a reverse lookup? * What do all those entries in the reports mean? * Why do I sometime get a DNS error when posting a response on the ISAServer.org message boards, and the only fix is to change from a Web Proxy client to a Firewall client, and why does it fix itself if I just close all the browser windows? * Does the NetMeeting client require a Site and Content Rule that allows it access to all Sites and Content, or can we create a more discreet Site and Cotent rule that will still allow the internal network NetMeeting client to recieve calls from external users who call them via a phone number * How do you configure the H.323 Gatekeeper to work with a 3rd party PBX on the DMZ? Is it possible? I've got a million of them :-) I'm not sure what to call this list, but I was thinking of calling it "Frequently Unanswered Questions", although I'm not sure how the acronym will go over ;) Thanks! Tom Thomas W Shinder www.isaserver.org/shinder <http://www.isaserver.org/shinder> ISA Server and Beyond: http://tinyurl.com/1jq1 <http://tinyurl.com/1jq1> Configuring ISA Server: http://tinyurl.com/1llp <http://tinyurl.com/1llp>