Doc,

Regarding performance of "software" vs "hardware", I can't speak for TMG (they haven't upgraded yet and that's our largest ISA/TMG client), but we used a pair of ISA 2006 firewalls in an NLB configuration at the travel agency HQ. Every user in North America (about 4000 in total) was connected to the HQ site and used the ISA array for content filtering and proxy services. A pair of dual-processor 2.33GHz servers with 4G RAM (32b O/S, as required by ISA) handled an average daytime load of 12,000 transactions per minute each, and rarely ran above 8% CPU load. Note that this is transaction/minute, not packets per second, which would be MUCH higher. In ISA/TMG, a "transaction" is every complete web connection, from initial request to final delivery of all page content, usually many dozens of packets.

Glenn
_________________________
Actually I am a Rocket Scientist! \:D