Chris:

I didn't "redo the config" per se.... I changed the default route on the clients through DHCP provided by my AD servers.... It all seems to be fine now... At least, I haven't had any complaints and the systems is passing mail etc. just like I envisioned it would when I added the darned route.... I've given up thinking aloud about this.... People think I'm nucking futs walking around saying "If the default gateway of the client is 192.168.3.1 and the default gateway of the router at 192.168.3.1 is 192.168.3.4 then......"...

Road: No pix.... I'm a Watchguard kid... Used to be really expensive but now the price seems comparable..... Having never used a pix I can't comment on pro's and cons but the Watchguard is a pretty powerful firewall with lots of "sexy" features.... Try one... You'll like it.... The only thing I don't like is the manuals and the online help.... They frigging suck.... You either already understand _all_ the terminology _they_ use, up front, or you are lost..... It's trial and error time.... 'cos the help is like M$'s... Totally accurate but of no use to anyone.... I'm still finding cool features that some nice documentation would have turned me on to 5 years ago....