I have started migrating staff to our new ISA 2006 servers for outbound traffic and am seeing a problem. It appears that the problem comes up when they go to a secure site. When I do live log tracking, I show that the requests are failing because they failed to match any rules (and are hitting the default deny rule). However, I have a rule that allows HTTP and HTTPS traffic for these staff. In researching the problem, what I have found is that the problem goes away if I set the rule to allow "all content types". The rule was setup to disallow some contents types, such as application. What is interesting is that even if I selecte EVERY available content type, the traffic will still fail. In troubleshooting, I have seen failures for types of ".js" and ".swf", but I have ensured that they are included in an allowed file type at this point. The 2 things that triggered the complaints was trying to access Yahoo mail and Gmail. We also tried another secure site, PayPal, to try and determine if it was every SSL site and that failed, too. I don't know if it is default behavior or not, but in the failed requests it shows the destination address as the ISA Server address (External (10.100.199.11:443)) while request shows the site they are trying to access (e.g. www.google.com:443). When I enable all content types, the destination shows the actual site. I am new to the logging feature and ISA 2006 (we are migrating from version 2000--ouch), so I may be missing something entirely. We really need to be able to disable average staff from downloading executables and some media types (e.g. video), and I thought this was the right way to approach it. Does anyone have any suggestion, comment, etc? I have no doubt there is something I am doing wrong or missing, but I am not sure where to go from here. ~~~~~~~~~~ Bill Mayo Network Administrator Pitt County MIS