Strange problem: Steve is my test web proxy client Protocol Rule HTTP, HTTPs allow always any request Site and Content rule Http allow User Steve all external destinations ( Steve can surf to anywhere) Protocol Rule FTP Allow always user Steve Site and Content Rule allow User Steve destination set Destination set contains only ftp.microsoft.com Steve can Ftp to any Ftp site regardless of the destination site ( Trying to limit steve's FTP ability to only what''s defined in the destination set..not working) FTP from a Web Browser as secure nat or firewall clients are not used. Am I missing something related to tunneled/CERN FTP since we are doing FTP through a browser? Thanks Fred C