After re-reading my last 2 posts, I feel that it is possible for a lot of confusion on my point. I would like to very briefly clarify something. When an IP is in the DMZ, SPI is still happening, however, you have basically said: "I don't care if the packet was unsolicited or not, send it to me anyway". So in that regard, you could say that you are bypassing the firewall. However, the actual process of inspecting the packets still exists. And that could possibly affect the traffic you are trying to get in. That is why I said that in my opinion, it is best to turn off the SPI firewall all together and use software or hardware firewalls separately. Plus; for those who do gaming or other activities that require certain ports, you most likely will have an issue if you use the DMZ for voip. You can only have 1 device in the DMZ. And if you do that, then port forwarding will get messed up, because DMZ wants to forward ALL ports to that one IP address. Thanks for letting me clarify.