Hi Jason, I haven't used the custom UUIDs for DC protection, I've always used the RPC (all interfaces). You almost always have to have different arrays for different sites, since the internal and external interfaces are on different network IDs. What issues with AD replication have you run into? Thanks! Tom Thomas W Shinder, M.D. Site: www.isaserver.org <http://www.isaserver.org/> Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls ________________________________ From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jason Jones Sent: Thursday, June 29, 2006 7:55 AM To: isapros@xxxxxxxxxxxxx Subject: [isapros] Poll - Securing DC's with ISA Hi, Quick poll as I am interested in how many of you have used/are using ISA to protect domain controllers in production environments? Have you found it painful or painless in production? If this is something you have done, are you simply using the RPC filter in its native form or have you filtered to the UUID level? How have you coped with DC's that are located across different sites - using different arrays I assume? Does AD replication make this difficult? Based upon forums and discussions with my MS contacts, it seems difficult to get much feedback on this... Thanks for any feedback :-) Cheers JJ Jason Jones | Silversands Limited | T: 01202 360489 | M: 07971 500312 | F: 01202 360900 | E: jason.jones@xxxxxxxxxxxxxxxxx <mailto:jason.jones@xxxxxxxxxxxxxxxxx>