I'm not sure what I'm doing wrong. I have a basic "Web Access" Firewall Policy that allows HTTP and HTTPS from Internal to Internal/External for All Users, all the time. That allowed web browsing, obviously.
Then I wanted to fine tune things. I set Content Type to Selected content types, checking all except Video. Seemed to work great, blocked news videos on MSNBC, blocked videos from YouTube, etc;. Then users started complaining that they couldn't access basic things like Gmail, and other HTTPS sites. As soon as I enabled All content types, they could log in.
I have had the same problem when I did the exact same thing but was trying to stop Streaming Audio.
In the end I removed HTTPS from the existing Web Access rule and I had to create a seperate rule for HTTPS and not do any Content Filtering.
I think this is because the HTTPS protocol is encrypted and since ISA would not be able to look at the encrypted traffic, ISA just blocks all HTTPS traffic. Don't know if there is another way and maybe someone else will suggest it.