Ray, I guess it partly depends on whether you want to be able to track, or restrict access based on user names... When using secure NAT, anything going through the firewall client will be allowed or denied based on IP addresses. If you want to restrict the abilities of a group of users, you will need to set them with static IP addresses, or on their own subnet, or with DHCP reservations, etc etc etc for secure NAT to restrict the access... Using the FW client, you can restrict any traffic by user name... If you're content to let all the users run wild on the internet, or are going to use the same access policy for all users, secure NAT will work just fine... I'm sure there are other pluses for the FW client, but that's the first thing that comes to mind... Joe Pochedley -----Original Message----- From: Ray Dzek [mailto:rdzek@xxxxxxxxxxxxxxx] Sent: Thursday, October 25, 2001 12:22 PM To: [ISAserver.org Discussion List] Subject: [isalist] To client or not to client? http://www.ISAserver.org Is there a compelling reason to install the FW client instead of just setting up the browser to use web proxy? If Secure NAT is on, everything seems to work just fine. After having installed the Proxy 2.0 client, I'm not looking forward to doing that again if there is no substantial benefit. Ray Dzek Network Operations / Helpdesk Specialized Bicycle Components 15130 Concord Circle Morgan Hill, CA 95037 Ph: 408-782-5420 Fx: 408-782-5421 Pg: 408-589-4250 ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: JoePochedley@xxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')