Hello, I would like to setup a "mixed" environment of ISA firewall clients and Secure NET Clients. The goal is to control access based on which user has logged onto The firewall client machines without having the secure NAT clients affected. After reading through http://www.isaserver.org/articles/ISA2004_AccessRules.html In the section on user authentication rules: The article describes the behavior of rules when the user can not be authenticated which is the case for Secure Net Clients. What I am having trouble with is that unless I force all users to authenticate the Rules that have restrictions placed on them don't work. In other words it appears that the users must be validated in order for them to work. Forcing validation by setting all users my authenticate fixes the ISA Firewall Clients but breaks the Secure Net Clients. Is there a way to create and All unauthenticated users rule set and make it an exception to a rule in ISA2004? Is there some way to apply a rule to someone who has presented credentials but has not necessarily been validated? (Yes I know this would be really weak security its just a question). Is there a way to validate a computer account for Secure Net Clients? I guess if I fixed the IP address of all of these then I could make them exceptions to a rule or could I ? Client IP is evaluated before user correct? Thanks Bill