Allow me to bounce this off the discussion group - My ISA Server has 3 network interface cards, one connecting the Internet, one connecting my Perimeter Network (DMZ) and the other connecting my inside private network. My LAT has 2 subnet entries, one defining my private network and the other defining my DMZ. I have noticed that when I publish services from servers on my DMZ, for example, FTP, I can also access this FTP Server from my private network, this to me is a huge security risk. I have contacted Microsoft about this and their suggestion is to remove the DMZ definition from the LAT, this way ISA will not view this subnet as a private or inside subnet, when I go to remove the DMZ LAT Definition, ISA complains because one or more of the publishing rules use one or more of the IP addresses defined in my DMZ LAT definition, the only way I can get around this is to delete all my server publishing rules and replace them with Packet Filters, I attempted this the other evening after hours and found that the packet filters I created to replace the Server Publishing Rules did not work, example, MY DNS Services. I restored the ISA configuration and rebooted, crossed my fingers and things did come back, but I am still faced with services crossing between my Perimeter Network and my Private Network, I should be able to secure each interface and and create access polices to what ever service I wish to span my Perimeter Network and my Private Network, this seems to be challenging and I was wondering how other implementations of ISA using 3 Network Interface Card design has solved this problem. Thank U Glenn