I wouldn´t advise you to use this type of authorization. I can use Integrated authentication and Rules applied to groups rather than IP´s. There are two problems concerning this situation: 1. In ISA Management, application filters, there´s one filter called: "HTTP redirector filter". If you check out it´s properties you´ll see that it redirects your firewall requests to web proxy requests cancelling your authentication. This way MSN, Yahoo, ICQ won´t pass through ISA. Set if for "Send to requested Web server". 2. There´s a bug in the Firewall client application. Uncheck "Automatically detect ISA Server". After doing this configuration, you´ll see that a small green ball with a white point in it will appear on the Firewall client ICON. Hope this will help.