Hey everyone, The company I am working for is trying to push MS ISA into the dmz... sigh. We currently run ISA on our internal network which all the machines talk to for their proxy which in turn talks to the squid server in the dmz as an upstream proxy. We have done it this way as the company wants to use SurfControl and name resolution seems to work better with ISA. They are installing a Sharepoint server which they will want to give access to people from the internet as well as internal. This brought up the debate on having the ISA server in the DMZ to do the authentication. We currently have squid already doing reverse proxy for some websites and works a treat. I believe they want to authenticate twice but I do not really see the point. They will have to authenticate with the sharepoint no matter what happens. Is it possible to get squid to authenticate a user using Active Directory while reverse proxying? Cheers, Simon