Here's a situation for y'all to ponder:

2 ea Bordermanager 3.8, SurfControl, about 9 total access rules, only
denying access to Gambling, Games, and "Porn."

Users (primarily public library users) are attempting to access a website
to view traffic enforcement FLASH videos from red light cameras here in the
city from citation info mailed to them.

The website requires that the user input the traffic citation number, their
license plate number, and a generic password. Then a non-machine readable
verification code, which then takes them to a webpage with their DOT/DPS
information, and a Flash Player window with a "Play/Pause" button and a
"Reset" button. The link is to a .asp page on the providing server.

Pushing the Play button should cause the flash movie to display, but all it
does is change to "Pause" and the flash screen area remains browser
background white. No video.

Now, with very few exceptions, all VLANs within the network are REQUIRED to
pass thru BorderManager in order to access the internet, there are no NATs
that would allow them to bypass NBM. The workstations on these VLANs
CANNOT display the flash video from, as far as we can tell, only this
website. They can, however, play flash videos from any other site that
we've been able to find:, google, etc., with no problems at

Sniffer traces indicate that the request is leaving NBM, passing thru the
PIX, being returned thru the PIX to NBM, and dying. The indication is that
the video is reaching the BorderManager, trying various ports, and not
making it through. HOWEVER, on the VLANs that allow bypassing the NBM, you
see the video trying to pass thru the NBM, being unable to, and even though
the "internet settings" require that the proxy be used, then bypassing the
NBM and reaching the workstation to display the vid.

This is the case even when NOT enforcing access rules.

If anyone has any ideas at all, they would be appreciated.


Jim Avery