I thought so, but wanted to be sure. Thanks! >>> On 1/8/2008 at 11:09 AM, <steveg@xxxxxxxxxxxxxx> wrote: The session between the user and the CAG is SSL encrypted regardless of what passes through it. The session between the WI and the PS farm is not encrypted by default but can be by adding certificates to these servers and requiring a secure connection. Usually the WI and PS are on the LAN and this not a concern. Steve Greenberg Thin Client Computing 34522 N. Scottsdale Rd D8453 Scottsdale, AZ 85266 (602) 432-8649 www.thinclient.net steveg@xxxxxxxxxxxxxx From:thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Chad Schneider (IT) Sent: Tuesday, January 08, 2008 9:24 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] CAG to WI If I have users connect to a CAG, then use WI to connect to published applications, are those applications then protected in an SSL tunnel? I am concerned that they are simply unprotected ICA traffic on the internet. ChadSchneider Systems Engineer ThedaCare IT 920-735-7615