We are running BorderManager 3.8 SP5 IR1 on top of NetWare 6.5 SP8. Though PROXY.NLM is configured and loaded, most TCP connections are simply routed (i.e. not proxied by PROXY.NLM). For obvious reasons, IPFLT.NLM is loaded.

The firewall has been operating for a long time without any problems. Then suddenly (after a NIC replacement) it has begun to drop TCP sessions after some (2, 3, .., 10) minutes i.e.
- the HTTP download of a large file failed after some minutes
- an SSH session disconnected after some minutes
- an RTSP session disconnected after some minutes
- etc.

We noticed that if IPFLT.NLM is unloaded (obviously, for test reasons only), everything works fine.

These workarounds have not helped:
- unload and immediately reload IPFLT.NLM
- issue a REINITIALIZE SYSTEM command
- restart the server
- repair local eDirectory database

Then we did this (in order to eliminate the possibility of a corrupted filter database):
1. initialized the filter database: instructed iManager to delete all filters and to re-create the factory default ones
2. re-created (re-typed) some of our custom filters
3. we tested the TCP communications enabled by the re-created filters: they worked fine!
4. while we were in the process of creating all the remaining custom filters, the firewall went mad again (by starting to drop TCP sessions after some minutes)
5. we began to reduce the number of the custom filters and -- guess what! -- the firewall started to work correctly

So the number of the custom filters seems to have a threshold value (approx. between 40 and 70):
- above this threshold, the firewall goes mad
- below this threshold, everything works fine

The interesting thing is that before the NIC replacement the same firewall used to work fine even with 100+ custom filters.

Any ideas (beyond completely reinstalling the entire server)?