Hi folks. I have one interesting problem. I administer hosted Exchange 2000 Enterprise server which sit behind firewall. Clients come from different networks. Clients use Exchange with MS Outlook 2000 or MS Outlook XP as "Microsoft Exchange server". At this case MAPI is in use, but MAPI works with RPC that uses dynamic ports. Firewall is CheckPoint FW-1. In exchange server i restrict port range (i allow 4 ports to be assigned for client connections - MS KB article 270836) used by RPC and in FW i create rules that allow access from clients to exchange on port 135 (RPC port mapper) and allowed 4 ports. It's work fine (approx 2 years). In this situation no problem open same ports on client firewall. But at this moment i need change my firewall to ISA server... ISA server have great application filter called "Exchange RPC Server". It work fine, but only if client not have own firewall. If client have own firewall that is ISA - problem can be resolved (this solution described in many articles in Microsoft, ISAserver.org and other sites). But problem begin if client have any other firewall (CheckPoint, iptables or others...) and access from client to internet is restricted by ports. Client firewall administrators refuse dynamic port opening by security reasons. I can't find solution for restricting port allocations in ISA server "Exchange RPC Server" filter. Best regards, Viktors Judins ========================================= Digital Economy Advancement Center http://www.deac.lv =========================================