When you install it, by default it allows no traffic through. So you have to create a rule that "allows" all traffic for testing and then create various rules to only allow the services that you want. For OWA you'll have to create destination sets (assuming the mail server is not the ISA server)... It's a rather complicated product. I've deployed it about 5 times, having Citrix, Exchange, Web servers, etc. behind it. Feel free to e-mail me if you have questions or need more detailed info...