This may or may not be the correct group, but here goes:

In order to cycle/recycle some hardware, I've recently installed a
second
BorderManager (NW5.1sp6/BM3.7sp2, etc.) server with the intention of supporting SurfControl and access rules. The old server was just a
proxy
accelerator with no access rules enabled.

The problem that my security guy is seeing (Cisco IDS/HP OpenView) is
that
almost every connection that is taking place from the new BM server
shows
up as an HTTP Connect tunneling connection and is being reported as a

hacking exploit.

As far as I can tell, by comparing the configurations on the two
boxes, the
only difference that I can see is that access rules are enabled on the
new
box.

If anyone has any ideas, they will be greatly appreciated.

Thanks,

Jim