Jason:

If IIS is set to listen on a custom port, does that mean the firewall is between client browser and web server and IIS is listening through this port on the firewall? If so, is there a way to hide the port address in the URL? Can a SOAP request specify a custom HTTP port.

For desktop C\S apps using TCP\IP, does using the VPN makes the firewall unecessary? IOW, is getting authenicated by the VPN secure enough that you don't need a firewall?

Thanx,
Charlie