Server: ISA Server SP1 running on W2K SP2 + SRP + patches in Standalone/Integrated mode in an Active Directory domain. The ISA server sits behind our Cisco Pix firewall.

We previously ran our server on the above config using only caching mode. The Pix administrator reported that requests for nonstandard ports (things other than 80, 443, 20/21) were being passed through from ISA but blocked at the Pix. As part of our troubleshooting efforts, we rebuilt the server and added the firewall featureset (yielding the config above).

Site and Content rule (1 rule):
- Allow all traffic to all destinations at all times; applied to an NT group we created that has all users allowed to surf the Internet; all content groups allowed.

Protocol Rules:
- We initially had a single rule - Allow selected protocols (HTTP, HTTPS, FTP DL Only) at all times applied to the NT user group mentioned above. ISA should normally not allow traffic through that is not allowed, right? With this single protocol rule, IE requests for pages at different ports were passed through to the PIX.
- Then we created a second protocol rule - Deny all requests to protocols except HTTP, HTTPS, FTP DL only; applied always and to the NT group.
- Same thing.

What am I missing? Why is ISA passing this traffic through when it seems like it shouldn't?

TIA,

*****************************
* Erik Sojka, MOS, MCSE     *
* Manager, Network Services *
* esojka@xxxxxxxx           *
*****************************