I have a single NW65 SP5 server running GW7 and BorderManager 3.8. I am
trying to get my LDAP browser to connect on the public card of my server. I
have set up an exception rule in iManager (which I assume modifies the
filtcfg.cfg files), but it doesn't work. Unloading the filters allows my LDAP
browser to connect fine.


LDAP (from filtcfg.cfg)
PROTOCOL-SERVICE IP, LDAP 389, pid=TCP port=389 srcport=<All>,

PACKET-FILTER-LIST IP, ENABLED, DENY
FILTER ENABLED NOLOG, INTRFACE:<Any>, IP:pid=IP, INTRFACE:PUBLIC, Added
to block all IP packets.
added spaces for clarity
EXCLUDE ENABLED NOLOG, INTRFACE:PUBLIC, IP:pid=TCP port=389
srcport=<All>, INTRFACE:PUBLIC, LDAP
added spaces for clarity
EXCLUDE ENABLED NOLOG, INTRFACE:<Any>, IP:pid=TCP port=443 srcport=<All>
ackfilt=0 stfilt=1, INTRFACE:PUBLIC IP:208.XXX.XXX.XXX, Added by Firewall
Wizard to allow HTTPS (incoming request) stateful
EXCLUDE ENABLED NOLOG, INTRFACE:<Any>, IP:pid=TCP port=110 srcport=<All>
ackfilt=0 stfilt=1, INTRFACE:PUBLIC IP:208.XXX.XXX.XXX, Added by BRDCFG to
allow mail proxy.
EXCLUDE ENABLED NOLOG, INTRFACE:<Any>, IP:pid=TCP port=25 srcport=<All>
ackfilt=0 stfilt=1, INTRFACE:PUBLIC IP:208.XXX.XXX.XXX, Added by BRDCFG to
allow mail proxy.
EXCLUDE ENABLED NOLOG, INTRFACE:<Any>, IP:pid=UDP port=4500
srcport=<All> stfilt=1, INTRFACE:PUBLIC IP:208.XXX.XXX.XXX, Added by BRDCFG
to allow VPN IKE-NAT.(Incoming)
EXCLUDE ENABLED NOLOG, INTRFACE:<Any>, IP:pid=UDP port=500 srcport=<All>
stfilt=1, INTRFACE:PUBLIC IP:208.XXX.XXX.XXX, Added by BRDCFG to allow VPN
IKE.(Incoming)
EXCLUDE ENABLED NOLOG, INTRFACE:<Any>, IP:pid=50 stfilt=1,
INTRFACE:PUBLIC IP:208.XXX.XXX.XXX, Added by BRDCFG to allow VPN
ESP.(Incoming)
EXCLUDE ENABLED NOLOG, INTRFACE:<Any>, IP:pid=51 stfilt=1,
INTRFACE:PUBLIC IP:208.XXX.XXX.XXX, Added by BRDCFG to allow VPN
AH.(Incoming).
EXCLUDE ENABLED NOLOG, INTRFACE:PUBLIC IP:208.XXX.XXX.XXX, IP:pid=UDP
port=4500 srcport=<All> stfilt=1, INTRFACE:<Any>, Added by BRDCFG to allow
VPN IKE-NAT.(Outgoing)
EXCLUDE ENABLED NOLOG, INTRFACE:PUBLIC IP:208.XXX.XXX.XXX, IP:pid=UDP
port=500 srcport=<All> stfilt=1, INTRFACE:<Any>, Added by BRDCFG to allow
VPN IKE.(Outgoing)
EXCLUDE ENABLED NOLOG, INTRFACE:PUBLIC IP:208.XXX.XXX.XXX, IP:pid=50
stfilt=1, INTRFACE:<Any>, Added by BRDCFG to allow VPN ESP.(Outgoing)
EXCLUDE ENABLED NOLOG, INTRFACE:PUBLIC IP:208.XXX.XXX.XXX, IP:pid=51
stfilt=1, INTRFACE:<Any>, Added by BRDCFG to allow VPN AH.(Outgoing)
EXCLUDE ENABLED NOLOG, INTRFACE:<Any>, IP:pid=57, INTRFACE:PUBLIC
IP:208.XXX.XXX.XXX, Added by BRDCFG to allow SKIP Protocol for VPN.
EXCLUDE ENABLED NOLOG, INTRFACE:<Any>, IP:pid=UDP port=353 srcport=<All>
stfilt=1, INTRFACE:PUBLIC IP:208.XXX.XXX.XXX, Added by BRDCFG to allow VPN
Client Keep-Alive & Disconnect.
EXCLUDE ENABLED NOLOG, INTRFACE:<Any>, IP:pid=TCP port=353 srcport=<All>
ackfilt=0 stfilt=1, INTRFACE:PUBLIC IP:208.XXX.XXX.XXX, Added by BRDCFG to
allow VPN Client Authentication.
EXCLUDE ENABLED NOLOG, INTRFACE:<Any>, IP:pid=UDP port=2010
srcport=<All> stfilt=1, INTRFACE:PUBLIC IP:208.XXX.XXX.XXX, Added by BRDCFG
to allow VPN Master/Slave communication.
EXCLUDE ENABLED NOLOG, INTRFACE:<Any>, IP:pid=TCP port=213 srcport=<All>
ackfilt=0 stfilt=1, INTRFACE:PUBLIC IP:208.XXX.XXX.XXX, Added by BRDCFG to
allow VPN Master/Slave communication.
EXCLUDE ENABLED NOLOG, INTRFACE:PUBLIC IP:208.XXX.XXX.XXX, IP:pid=57,
INTRFACE:<Any>, Added by BRDCFG to allow VPN Master/Slave communication.
EXCLUDE ENABLED NOLOG, INTRFACE:PUBLIC IP:208.XXX.XXX.XXX, IP:pid=UDP
port=2010 srcport=<All> stfilt=1, INTRFACE:<Any>, Added by BRDCFG to allow
VPN Master/Slave communication.
EXCLUDE ENABLED NOLOG, INTRFACE:PUBLIC IP:208.XXX.XXX.XXX, IP:pid=TCP
port=213 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:<Any>, Added by BRDCFG
to allow VPN Master/Slave communication.
EXCLUDE ENABLED NOLOG, INTRFACE:PUBLIC IP:208.XXX.XXX.XXX, IP:pid=TCP
port=23 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:<Any>, Added by BRDCFG to
allow transparent telnet proxy.
EXCLUDE ENABLED NOLOG, INTRFACE:PUBLIC IP:208.XXX.XXX.XXX, IP:pid=UDP
port=53 srcport=<All> stfilt=1, INTRFACE:<Any>, Added by BRDCFG to allow DNS
proxy.
EXCLUDE ENABLED NOLOG, INTRFACE:PUBLIC IP:208.XXX.XXX.XXX, IP:pid=TCP
port=53 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:<Any>, Added by BRDCFG to
allow DNS proxy.
EXCLUDE ENABLED NOLOG, INTRFACE:PUBLIC IP:208.XXX.XXX.XXX, IP:pid=TCP
port=554 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:<Any>, Added by BRDCFG
to allow RTSP proxy.
EXCLUDE ENABLED NOLOG, INTRFACE:PUBLIC IP:208.XXX.XXX.XXX, IP:pid=TCP
port=7070 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:<Any>, Added by BRDCFG
to allow Real Audio proxy.
EXCLUDE ENABLED NOLOG, INTRFACE:PUBLIC IP:208.XXX.XXX.XXX, IP:pid=TCP
port=119 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:<Any>, Added by BRDCFG
to allow news proxy.
EXCLUDE ENABLED NOLOG, INTRFACE:PUBLIC IP:208.XXX.XXX.XXX, IP:pid=TCP
port=110 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:<Any>, Added by BRDCFG
to allow mail proxy.
EXCLUDE ENABLED NOLOG, INTRFACE:PUBLIC IP:208.XXX.XXX.XXX, IP:pid=TCP
port=25 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:<Any>, Added by BRDCFG to
allow mail proxy.
EXCLUDE ENABLED NOLOG, INTRFACE:PUBLIC IP:208.XXX.XXX.XXX, IP:pid=TCP
port=21 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:<Any>, Added by BRDCFG to
allow FTP proxy.
EXCLUDE ENABLED NOLOG, INTRFACE:PUBLIC IP:208.XXX.XXX.XXX, IP:pid=TCP
port=443 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:<Any>, Added by BRDCFG
to allow secure HTTP.
EXCLUDE ENABLED NOLOG, INTRFACE:PUBLIC IP:208.XXX.XXX.XXX, IP:pid=TCP
port=80 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:<Any>, Added by BRDCFG to
allow HTTP proxy.
FILTER ENABLED NOLOG, INTRFACE:PUBLIC, IP:pid=IP, INTRFACE:<Any>, Added
to block all IP packets.

Any help would be appreciated.
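
An added example (not part of the original post, and not Novell tooling): a short Python script that rejoins the wrapped filtcfg.cfg records and lists the fields in which the LDAP exception differs from the HTTPS exception in the same list. Reading the comma-separated fields as source, packet type, destination and comment is an assumption inferred from the Incoming/Outgoing comments in the excerpt; the function names are hypothetical.

```python
import re

# Constructed sample: three records copied from the filtcfg.cfg excerpt in the
# post, hard line wraps included; the poster's annotation lines are left out.
SAMPLE = """\
FILTER ENABLED NOLOG, INTRFACE:<Any>, IP:pid=IP, INTRFACE:PUBLIC, Added
to block all IP packets.
EXCLUDE ENABLED NOLOG, INTRFACE:PUBLIC, IP:pid=TCP port=389
srcport=<All>, INTRFACE:PUBLIC, LDAP
EXCLUDE ENABLED NOLOG, INTRFACE:<Any>, IP:pid=TCP port=443 srcport=<All>
ackfilt=0 stfilt=1, INTRFACE:PUBLIC IP:208.XXX.XXX.XXX, Added by Firewall
Wizard to allow HTTPS (incoming request) stateful
"""

RECORD_START = re.compile(r"^(FILTER|EXCLUDE)\s")

def unwrap(text):
    """Rejoin hard-wrapped lines into one string per FILTER/EXCLUDE record."""
    records = []
    for line in (l.strip() for l in text.splitlines()):
        if RECORD_START.match(line):
            records.append(line)
        elif line and records:
            records[-1] += " " + line
    return records

def parse(record):
    """Split one record into fields. Reading the fields as source, packet
    type, destination, comment is an assumption inferred from the excerpt."""
    head, src, packet, dst, comment = (f.strip() for f in record.split(",", 4))
    rule = {"kind": head.split()[0], "src": src, "dst": dst, "comment": comment}
    # "IP:pid=TCP port=389 srcport=<All>" -> pid, port, srcport, ackfilt, stfilt
    for pair in packet.split(":", 1)[1].split():
        key, value = pair.split("=", 1)
        rule[key] = value
    return rule

def field_diff(a, b, ignore=("comment", "port")):
    """Return {field: (a_value, b_value)} for every field that differs."""
    keys = (set(a) | set(b)) - set(ignore)
    return {k: (a.get(k), b.get(k)) for k in sorted(keys) if a.get(k) != b.get(k)}

def compare_ldap_to_https(text=SAMPLE):
    """Diff the port-389 exception against the port-443 exception."""
    rules = [parse(r) for r in unwrap(text)]
    ldap = next(r for r in rules if r.get("port") == "389")
    https = next(r for r in rules if r.get("port") == "443")
    return field_diff(ldap, https)

if __name__ == "__main__":
    for field, (ldap, https) in compare_ldap_to_https().items():
        print(f"{field:8} LDAP={ldap!r:20} HTTPS={https!r}")
```

The script only reports which fields differ between the two exceptions; it does not evaluate how the filter engine treats them.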