When looking at the "Sessions" container in ISA management I see quite a few rather unusual entries on a consistent basis. Session Type - Web Session User Name - Anonymous Client Computer - Blank Client Address - External Routable IP or 127.0.0.1 (this one bugs me) Activiation - Current Date/time My question is this. I would assume that the Client Address section lists External Routable IP addresses this is tracking an inbound Web session to one of our published websites/ftp sites through the ISA Server. However what I don't get is the 127.0.0.1 entry. Noone logs on to the ISA box itself and browses the web. It is obvious that A LOT of web traffic is being generated with the source address being 127.0.0.1 as we use Surfcontrol to monitor proxy traffic. It shows 10s of thousands of hits to various websites from the client 127.0.0.1 and I cannot figure out why. Normal proxy and firewall clients show up just fine in the Surfcontrol reports....I just cannot figure out why all this traffic is listing itself as coming from the loopback adapter.