We have an ASA firewall with 3 active interfaces on it. Inside,outside,and a dmz interface. We have workstations in the DMZ that only communicate with the internet. The Sec level for this interface is 50. There is no ACL or NAT's in place as the dmz segment should not be communicating with the inside network. However, we have a websense server and want to enable URL filtering on it to filter the internet bound traffic for the dmz segment. The server is on the inside network and currently functions fine for filtering traffic for inside hosts. Apparently a while back someone tried to enable the filtering for the DMZ and it never worked, so they disabled it. I don't have any details on it or why it didn't work. All I can tell you at the point is they want to try it again. How does this work for the dmz internet bound requests? does the ASA make the request on behalf, or do I need to allow the http requests for the dmz segment into the inside to the websense server? What is needed to make this work? I believe the inside network does have a route to the DMZ segment, as an fyi.