All I have a customer that wants to block all sites apart from a destination set that contains the sites they want the call centre people to access to process credit card details. When I enable the S&C rules, the users can access the normal sites but not the HTTPS part of the site. In the Destination Set what should I be putting, eg www.securetrading.net or https://securetrading.net with the path of /* The config is W2k, ISA SP1 and NT4 Clients with the FW client installed. Your help would be much appreciated. Regards Graham