No joy on the ISA list. Anyone have SSL VPN appliances in their environment and had to decide how to treat those users within ISA yet? I need to decide what the best practice should be for these types of connections. My inclination is to treat them like any other VPN and keep them separate from the rest of the network by only allowing a minimum of access but soon this site will start using the SSL VPN for branch office connection and that throws a wrench into my plan. Should I let them into the LAN? Should I create a DMZ for them? The SSL VPN Appliance that I've got to deal with is Positive Networks. It's currently being used to publish a database application and keeps users to only that app. It does quarantine the workstations and inspect them for anti-virus software and service pack level; after that they are assigned an IP address range that is unique to users coming in through SSL VPN. This product is a competitor of Whale, near as I can tell and now that Microsoft has entered this realm we're all going to have to deal with SSL VPN connections eventually. So what are your thoughts on this? Amy