Jim, I discovered the issue. It's always the simple stuff that trips you up! This is the quote on isaserver.org that turned on the lightbulb... "Note that it?s not just enough to create a Site and Content Rule that denies access to all sites except the allowed Destination Set sites. You must always create a second Site and Content Rule that allows the user access to the allowed Destination Set sites." Of course, I had no specific allow rule. Simple Thanks again for your reply. ~G!