> 1) Need to install client software for some protocol support (including > ICMP); Not really. Most times the client can be a SecureNAT client. This requires only have the IP address of ISA as the gateway on the client. In some situations, yes, the firewall client must be installed. > 2) Limited attack detection (especially for an Application Layer Gateway); ISA does a very good job of attack detections. Where do you get the information that it does not? > 3) Performance; I have seen no performance issues depending upon proper configuration of the base OS and hardware. > 4) It does not run over a customized OS. (Let's get real... Windows is the > worst OS to run security applications...) I guess it depends on what side of the fence you sit on. A properly configured and hardened Windows 2000 server or even better Windows Server 2003 stands very strong. Just my thoughts. I am sure the doctor will respond. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com