I'm not sure if this is the best forum, but it's a good place to
start. This past weekend we attempted to migrate from an older
firewall to BM37 but we had to scrub the migration due to some
problems with the reverse proxies.

We have several internal web services that are visible to the Internet

via static NAT. With the old firewall they pull up just fine, but
when we tried to move them over to BorderManager it kept redirecting
to the BorderManager SSL login page before passing them through.

I think part of the problem is we use BM authentication for outbound
Internet access: usage is limited by a mixture of host names and NDS
group membership. All of the workstations have CLNTRUST running, so
the only reason for them to see the authentication page is if they
aren't a member of the WebUsers NDS group.

I tried adding adding access rules from everybody to
http://service.mydomain.com*.*/* but that didn't work. I tried
disabling the reverse proxy and doing everything via packet filters
but that didn't work. The only thing that seemed to make a difference

was disabling all access rules.

SO - how do I have inbound URL access *without* BM authentication,
along with outbound URL access *with* BM authentication?