Sorry for the length, I'm just getting started with border :)

Current Config:
Border Manager 3.7 / NW51sp5
Single Interface
HTTP Proxy only

We are on a rather large campus based on 10.x.x.x. and have two
subnets of our very own: 10.6.12.x and 10.6.11.x. There are a ton ofother 10.x.x.x subnets that have "intranet" servers on them that I
want everyone to get to. I also want to be able to block some users
from getting out to the internet at all.

I thought I could make a Internet group and an Intranet group, then
allow all from Internet to any (that works), and allow all from
Intranet to 10.0.0.0 with a subnet mask of 255.0.0.0, but that doesn't

do what I thought it would (allow anything that started with a 10.).
Then, I used a specific server's ip address in the rule, when I
accessed it by name, it was blocked, by ip address, it was ok (when Iping'd the name, i used the number i got in the reply as the ip
address for the rule)

I know that I can set the browser to NOT proxy what is local, but
wouldn't that only be the 10.6.12.x or 10.6.11.x stuff depending on
their subnet? If so, can I change that to 10.x.x.x? How?

What we have done at other sites is to specify each intranet server as

needed, but I wanted a cleaner way of doing it so we wouldn't be
updating the rule all the time.

Thanks!

Oh - btw - I have seen some stuff on the custom error pages. I was
thinking if we had to do this on a per server basis, it would be
helpful to have a custom error page that informs the user the page isblocked with a message that if they think it shouldn't be to let the
helpdesk know, with a button that would send an email to the helpdeskwith the user's name and the site they were trying to get to
(automatically so that the user doesn't supply the information). Is
that possible??