THE PROBLEM GUI Location: Site & Content Rules\my users allow rule\HTTP Content Tab: Whenever I select the radio button "Selected content groups" my FW Clients cannot resolve our ISP's POP3 hostname. This occurs *even* if I allow ALL the default ISA content grps. As soon as I select the radio button "All content groups" they can then resolve OK again. MY DIAGNOSIS I think what's happening is that by limiting them to "Selected content groups" ISA stops them using its DNS Proxy and hence hostname resolution fails. If I disable the FW Client s\ware but it appears that when the FW Clinet is enabled it forces all DNS resolutions through ISA's DNS Proxy. MORE INFO Yes I have a protocol rule in place that allows my clients DNS Query, POP3, SMPT, HTTP, HTTPS so that shouldn't stop them. My internal DNS is set to Forward to my ISP's DNS - my clients can succesfully resolve the POPs hostname when the FW client s\ware is disabled. QUESTION How can I use the "HTTP Content" feature to limit Web content downloads and still enable my clients to resolve NON Web based hostnames? Is this a bug - surely DNS resolution shouldn't be controlled by the HTTP Content tab but by a Protocol rule. Anyone succesfully used HTTP Content control other that allowing "All content groups" Regards Nigel (MCSE + I + ISA) TechBase