We want to authenticate all LAN users for all of their access to outside WEB. (We used to setup the ISA to simply allow All users). All Lan PCs are installed with Firewall client. On the ISA server (2004 or 2006), I created 2 rules: first allow All Users to go anywhere for any protocol except HTTP. Second all certain users to go anywhere with HTTP. We donít have Active directory, and for simplicity and test purpose, I created users1 and user2 on ISA (Win2003) server and setup the second rule to allow these 2 users to go WEB. Also on ISA server > configuration > network > Internal > Web proxy > authentication > tick "integrated" However I got problem here: On all Lan PCs, the "Firewall client management" icon at the right bottom of the screen showed "Cannot authenticate with isa server", thus no ftp / telnet / IE could go out. However if I setup "Internet options" with proxy server = isaserver, then my IE would be prompted username / pswd and then go out to WWW. But no for telnet / ftp etc. Could someone please shed some lights on this issue? We want standard FirewallClient installed on all LAN PCs, (not Web proxy, as it might affect IE to access internal Web). And ISA should authenticated users before granting access to outside.