Yes your right but I do want to allow everything to/from my public PC. What I meant was that the public PC can get access to ports\services on my ISA server (such as NNTP etc) as if it was on the private network - I was under the belief that these would be protected from a 'perimeter network' unless explicitly opened to it which I have not done. Nigel -----Original Message----- From: Gary Anderson [mailto:gary.anderson@xxxxxxxxxxxxx] Sent: Thursday, 24 January 2002 20:52 Subject: RE: Why can internal PC see open ports? Protocol: Any Direction: Both Why would you not expect to see open ports? ISA is letting everything through to your public IP PC. If the ports are not closed on it and they are not filtered on ISA, then nmap -sA will find them (at least, the TCP ones). You need to do at least one of three things: 1) Filter the ports on ISA 2) Filter the ports on the Public IP PC 3) Stop the services on the Public IP PC that are opening unwanted ports. I would recommend doing all three.