We are looking at replacing or supplementing our current Sonicwall with an ISA server. One of the big pluses for our organization will be to control internet access on a user level basis. With that said I am curious about the best configuration for laptop users that may or may not be on our network and have the ISA server available to them. In the real world what is the best practice for them, should they be Firewall Clients or Web Proxy clients. Because of our authentication requirements Secure NAT is not really a good option. Although I realize that in any configuration there is probably a little Secure NAT thrown in for certain clients. How does the firewall client software handle being removed from the corporate LAN and put on a remote network. Will it fail over to work as if the client software was not installed? Thanks for you advice, Tim