Great, it all seems to be working OK. Which brings me back to my
original problem which is this: can you think of a reason that this
filter rule would be blocking an FTP session which I am trying to
establish from a client behind the Bordermanager to the outside world?
Also bearing in mind that I have a ftp-port-pasv-st filter exception
that seems to be working fine for all other ftp needs. Also attached
is a log of the session generated by the application. What do you
think? Thanks.

---------------

OUTBOUND packet to "Discard"
Protocol Type=(TCP) Protocol Flag=(SYN)
Source Address=(10.0.0.96) Destination Address=(204.146.x.x)
Source Port=(1192) Destination Port=(51756)
Source TOS=(Dynamic) Destination TOS=(Dynamic)
Source Interface=(2) Destination Interface=(3)
Source Circuit=(46519) Destination Circuit=(1854)
Source GroupID=(0) Destination GroupID=(0)


Discard filter rule from "Filters" list
Filter Protocol Type=(IP)
Source Interface Type=(Any) Destination Interface Type=(BOARD)
Source Address=(Any Address) Destination Address=(Any Address)
Source Interface Number=(0) Destination Interface Number=(3)
Source Port Range=(0-0) Destination Port Range=(0-0)
Source TOS=(Reserved) Destination TOS=(Reserved)
Source Group Name=(None) Destination Group Name=(None)
Source Group ID=(0) Destination Group ID=(0)
Source Remote System ID=(None) Destination Remote System ID=(None)
Source Circuit=(0) Destination Circuit=(0)

---------------------

220 ieftpint2 IE-FTP server (xxxxxx) ready on system USA. ---> AUTH
TLS-P
234 AUTH command accepted - proceed with Negotiation. ---> PBSZ 0
200 Protection buffer size successfully set. ---> PROT P
200 Data protection level now set to 'P' (Protected). ---> SITE
confirm 1
200 NOOP confirmation is set ON. ---> USER xxxx
331 Enter Password. ---> PASS XXXX
230 Ready. ---> SITE cdhlist always
200 CDHLIST set to ALWAYS. ---> PASV
227 Entering Secured Passive Mode (xxx,xxx,xx,xx,138,251) Connecting
to xxx.xxx.xx.xx on port 35579
---> QUIT
221 Goodbye. Thank you