I have users on my network who need to connect to a IBM websphere application on the Internet. The application uses TCP port 8999 inbound and outbound for authenication it also uses TCP port 30861 inbound and outbound to run the web based client app. The things I have done is this. I created protocols for TCP ports 8999 and 30861, allowed these users to pass throught the firewall using a protocol rule defining these ports for the questioned users. My end result is that I cannot get the user to connect unless I have them run the firewall client. I do not want this. Any help here to what I might need to do. Mark