Hi, I am having trouble in passing SYSLOG from my ADSL Router through to a system in my DMZ. BACKGROUND: Running ISA Server 2004 standard edition Platform is Windows Server 2003 standard edition I have defined a DMZ network (SMTP Relay etc.)172.16.29.0 /24 I have defined a Router Network (connection between ISA Server and ADSL Router) 172.16.30.0 /24 I have defined an Internal Network 172.16.31.0 /24 All other networks are classed as external ISA Server is classed as local host I have defined the relationship between all networks as Route because NAT is performed by the ADSL Router I have set the Internal network properties to operate in proxy mode for the usual protocols I have a content plug-on running on ISA Server 2004 called WebMarshal (URL screening, A/V screening and screening for malicious mobile code) Operation: I publish OWA, utilise VPN Clients and operate Proxy and cashing - all of this works ok. The Objective: I simply want to log syslog messages from my ADSL router onto a Syslog server running on my mail relay server on the DMZ. The issue: I have tried every concievable way of configuring the rule-base to get this to work but cannot. a) There is no pre-defined protocol for syslog. I created a protocol for UDP 514, there are four options SEND, RECEIVE, SEND RECEIVE, RECEIVE SEND to describe the behaviour of the protocol. The logging identifies the protocol that is being blocked as UPD 514 SEND (this makes sense as it is an unsolicited message that does not expect a response). So my options are that I either setup an access rule or a server publishing rule to handle this. To the best of my understanding, Access rules are intended for outbound traffic only and publishing rules are required for inbound connections. As the Router Network is on the same ISA-Server interface as the external network, then the traffic is deemed to be inbound and a publishing rule is required. I try to configure a Server publishing rule, but it will only allow me to define a protocol of UDP RECEIVE or UDP RECEIVE SEND, it will not allow me to define a protocol of UDP SEND, as a consequence the traffic is not recognised and the syslog messages are dropped. Any ideas on how I can resolve this would be greatly appreciated.