I assume this is what you have, given the fact that pointing IE to the upstream server is actually letting them through:

Internal ISA 1----
                  |        DMZ
                  |         |
Internal ISA 2------ ISAx --|-- ISAy -- Internet
                  |         |
Internal ISA 3----

If so, create a client address set on ISAx to only allow incoming requests from the Internal ISAs.

-Shawn

-----Original Message-----
From: Andy Greenhalgh [mailto:andy.greenhalgh@xxxxxxxxxxxxxxxxxxx]
Sent: Monday, August 09, 2004 12:52 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Using the firewall client to webproxy access upstream ISA server

http://www.ISAserver.org

We have a back to back ISA server DMZ configuration. We run 3 internal ISA servers for 3 separate internal networks, Corporate, Education, and Public Library. The DMZ has a single connection to the internet. Each internal network has different content filtering requirements so the content filtering is installed on each internal ISA server.

Some of our more technically able users are bypassing the content filtering by configuring Internet Explorer to use the upstream ISA server IP address and using the firewall client to reach the upstream ISA server. Is there a configuration which can prevent this? Our users will still need to access some content using the firewall client.

Andy Greenhalgh