Hello,

I tried to set up a filter on a BM37 server but was not succesful. We
are
migrating from a WatchGuard FireBox II so I know what kind of filters
I
want. One of the filters I want to set up is for time synchronisation
with a
time server from our ISP. On the PRIVATE side of the BorderManager
there is
a server XYZ with IP address 10.10.10.10 who needs to communicate via
port
123 with the time server of our ISP with IP address 192.192.192.192 on
the
PUBLIC side of the BorderManager.

In FILTCFG.NLM I selected Configure TCP/IP Filtersand then Packet
Forwarding
Filters. The List of Denied Packets contains two filters.

Source <All interfaces> / Circuit - / Packet Type <Any> / Destination
PUBLIC
/ Circuit -
Source PUBLIC / Circuit - / Packet Type <Any> / Destination <All
interfaces>
/ Circuit -

In the exceptions list I added two filters to the default list.

Source <All interfaces> / Circuit - / Packet Type NETTIMEP /
Destination
<All interfaces> / Circuit -
Source <All interfaces> / Circuit - / Packet Type NTP-ST / Destination
<All
interfaces> / Circuit -

With this configuration our server is not able to contact the time
server.

Is this configuration OK? Do I only need to do anything beside setting
up
filters in FILTCFG.NLM and if so what? Is there any easy to understand

document on setting up filters?

Thanks in advance,
Marijn Hulman