Last weekend was spent playing with my new RVS4000, setting up VLANs and implementing ACL rules. Next weekend will be the VPN, but first there are a few items that are bothering me: 1. where is the manual for understanding how to correctly write ACL rules, and understanding their impact on traffic flow; i have not found this. it has been trial and error and things are operating minimally. 2. Why can hostA on vlanA ping the vlanB gateway IP? Can this be "fixed" with ACL rules? 3. I would like the RVS4000 webserver to be accessible only from one machine on one vlan network. How to disable access from the WAN interface and insecure vlan internal interfaces? 4. How vulnerable is the RVS4000 to man in the middle attacks, arp spoofing, etc. what can be done to guard against these type of attacks? what can be sacrifised to achieve maximum security? 5. it seems you cannot have a completely secure network AND allow "web" access to machines on the network. what are best practices for allowing web access and maintaining full security? Thanks for all the answers, i know this forum will help a lot.