Unfortunately, your desires are at cross purposes. 1. Destination sets only operate in the Web Proxy service 2. The Web proxy service only supports FTP download Also, the only way to limit outbound FW or SecureNAT client traffic *_to_* a destination is to use packet filters. I agree that having DS apply to protocol rules (where the FW service operates) would be a kewl addition, but that's just not part of ISA at the moment... You might want to check out some of the third-party offerings (wish I had time to play with them all) listed at www.microsoft.com/isaserver/partners. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ Read the books! ----- Original Message ----- From: Mathew_Diaz@xxxxxxxxxxxxxxx To: [ISAserver.org Discussion List] Sent: Tuesday, June 18, 2002 3:25 PM Subject: [isalist] FTP With Destination Sets http://www.ISAserver.org Good day. I'm trying to enable Firewall clients to have the access to full FTP (not just Download), but grant access to only a particular site(s) based on a clients request. Can anyone explain the procedure I would need to follow for enabling this type of FTP access? Current Full FTP clients have access to any FTP site out there. I've been asked to start locking down Full FTP access on a per site and per user basis. Any help would be greatly appreciated. Thanks. Mat Diaz #92-582-1124 (805) 955-1124 ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')