I ran into a wierd issue over the weekend.

We have two NW 6.5 SP8 server with BM 3.9 SP1 server and it has worked great. We just completed a new rules rollout where we used both servers for testing different scenarios. This gives me a good idea that both servers are working as expected.

So, I decided to apply BM 3.9 SP2 to one of the two servers. After applying the patch, testing looked good and stable.

I had a couple users test the server we patched and I got some wierd results. We have about 20 rules and around rule 7, we have a deny rule that blocks certain subnets from surfing the internet except to very specific list of approved sites.

What I noticed is that after the SP2 patch, this rule appears to block workstations that are NOT in the subnet the rule applies to.

I tested DNS and results are coming back with the correct IP address.