I have been working with BorderManager for years and it seems like I
should be able to figure this out, but it still puzzles me. When I
upgraded to BM 3.8, I deleted and then re-created all my filters.
Everything works OK except when I tried to set up the filter to allow
Dynamic packets with ACK back into the Proxy. It just will not work.
Let's say my public IP is 2.2.2.2 and the Private IP is 1.1.1.1

Here is the default filter to deny:
<All interfaces> <Any> Public
Public <Any> <All Interfaces>

This is the outgoing filter exception for the Proxy. Since we have
apps that use a lot of different ports, I need all ports open going
out.

Src: All Interfaces, Dest: Public, Packet type: Any,
Protocol: IP, ACK: no, Stateful, No
Src: Host, 2.2.2.2, Dest: Any
Allows all packets out from Proxy

This is the filter I was trying to use for incoming:

Src: Public, Dest: All Interfaces, Packet type: Dynamic-ACK
Protocol: TCP, ACK: yes, Stateful, No
Src: Any, Dest: Host, 2.2.2.2
Allows Dyanamic packets with ACK back in to Proxy

But it does not work. The browser just hangs on any page. This is
what I ended up using for an incoming exception for the Proxy:

Src: Public, Dest: All Interfaces, Packet type: All,
Protocol: IP, ACK: no, Stateful, No
Src: Any, Dest: Host, 2.2.2.2
Allows all packets in to Proxy

I am not comfortable with this, but I have not been able to get my
dynamic-ACK filter to work. The Proxy does work and no one can browse
without using the proxy setting. I am using a separate filter,
UDP/DNS-ST for DNS lookup and that does not go through the Proxy.

Anyone see what I am missing?

Mark Rodgers