I have an interesting problem.
We 'upgraded' from BM 3.5/NW5.0 to new hardware & new server OS (old name,
old name was deleted via ndsmanager) to BM 3.8 on NW6.0 all patched.

BM rules are enabled and I have re-entered the rules fresh.
PC's are Win98 & WinXP and CLNTRUST (v1.4) is loaded at login thru the login
script. I tried using the version that came with BM3.8 (1.5 I think) but
that hung the PCs at login! Various posts have suggested 1.4 is ok.
The default rule is of course a deny rule (at the bottom) but I do have many
rules in place that should allow a user to access most sites without
problem. But ocassionly users will get a deny; so I have put in a temp rule
at the bottom of allow all.
I had authentication set to authenicate only when accessing a restricted
site, but changed it to always as a test yesterday. This caused major
problems this morning. Vet our virus package, auto downloads as required
and it wasn't able to get out so I had to turn the authentication back to
"as required" again.... after several hundred emails latter telling me that
Vet had download problems from many PC's.

As a test I set a deny rule to www.microsoft.com, and didn't get a blocked
page from BM (at least not for a very long time). I also tested going to my
BM server http://bmserver:1959 and didn't get a reply suggesting the mini
proxy on port 1959 server isn't very happy. I unloaded the IP filters - no
I did get a prohibited message evenually. But if I refresh its a long delay

Any help or ideas gratefully received.