Hello Group - My ISA server has 3 Network Interface cards, one to the Internet, one for my DMZ and the third that connects my private network, I noticed that when publishing services like HTTP and FTP for clients on the Internet, this same access is allowed from my Private network segment to my DMZ as well, in Summary, I have HTTP and FTP servers on my DMZ that I publish for clients on the Internet, with out creating any access policies these same services are available or accessible from my Private Network Segment, according to Microsoft, the only way I can secure interfaces like my DMZ interface, I need to remove the DMZ IP address range from the LAT, then create access polices using site and content or protocol rules, which is fine, but when I go to remove the DMZ Definition from the LAT, ISA returns an error and will not allow me to delete it because one or more the published servers occupy an IP address that is in the range from the DMZ that I have defined in the LAT Could anyone please provide me some insight as to how I might remove the DMZ LAT Definition with out breaking my already published servers ? Thank you group Glenn