I'm not sure I know what you mean about putting it in a tid but I'll
try to sum up the problem here...

I have an ftp client application which is part of some banking
program. The client is here behind the firewall and when I run it it
goes out to a host on the internet and conducts a pasv ftp session.
When my filters are up on my BM37 it fails, when my filters are down
it works. I have an ftp-port-pasv-st filter exception in place which
has been working fine for all my ftp needs except this one. When I run
the discard filter debug I get this result...

OUTBOUND packet to "Discard"
Protocol Type=(TCP) Protocol Flag=(SYN)
Source Address=( Destination Address=(204.146.x.x)
Source Port=(1192) Destination Port=(51756)
Source TOS=(Dynamic) Destination TOS=(Dynamic)
Source Interface=(2) Destination Interface=(3)
Source Circuit=(46519) Destination Circuit=(1854)
Source GroupID=(0) Destination GroupID=(0)

Discard filter rule from "Filters" list
Filter Protocol Type=(IP)
Source Interface Type=(Any) Destination Interface Type=(BOARD)
Source Address=(Any Address) Destination Address=(Any Address)
Source Interface Number=(0) Destination Interface Number=(3)
Source Port Range=(0-0) Destination Port Range=(0-0)
Source TOS=(Reserved) Destination TOS=(Reserved)
Source Group Name=(None) Destination Group Name=(None)
Source Group ID=(0) Destination Group ID=(0)
Source Remote System ID=(None) Destination Remote System ID=(None)
Source Circuit=(0) Destination Circuit=(0)

When I look at the log that the banking application keeps for the ftp
session it looks like this...

220 ieftpint2 IE-FTP server (xxxxxx) ready on system USA. ---> AUTH
234 AUTH command accepted - proceed with Negotiation. ---> PBSZ 0
200 Protection buffer size successfully set. ---> PROT P
200 Data protection level now set to 'P' (Protected). ---> SITE
confirm 1
200 NOOP confirmation is set ON. ---> USER xxxx
331 Enter Password. ---> PASS XXXX
230 Ready. ---> SITE cdhlist always
200 CDHLIST set to ALWAYS. ---> PASV
227 Entering Secured Passive Mode (xxx,xxx,xx,xx,138,251) Connecting
to xxx.xxx.xx.xx on port 35579
---> QUIT
221 Goodbye. Thank you

For some reason some filter is blocking my ftp session and I can't
figure out what kind of exception to put in place to make it work.
That's pretty much the jist of my problem. Near as I can tell when the
client tries to connect in secure passive mode the firewall kicks it