Hi,

I have a test BM3.7sp2+FP3 server running on NW6sp3.

There are three nics: 1 Public and 2 Private.

Transparent Proxy is enabled, DNS Proxy is enabled, Proxy
Authentication
is enabled with SSO and SSL on Port 442 with HTML selected. Also, the

'Authenticate only when Restricted Page Accessed' option is enabled.

I have two rules: allow, Source Any, Destination Specified URL; and
allow, Source Specified NDS user, Destination Any.

Default filters and exceptions are in place, via brdcfg.nlm, and are placed on the Public Interface.

Here is one of the problems, and the main one right now: when
accessing
a restricted url from a not-logged-in workstation the SSL Login screen

does not come up. The browser (IE5.5) times out. I have traced it
down
to this - the browser is being redirected to the ip addy of the Public

interface for the '/BM-Login?xxx.xxx.xxx.xxx' page. If I manually put
in
the Private IP addy the SSL Login page loads just fine and browsing
works
just fine too (assuming of course that I do not typo the nds
username/password).

If I am logged into NDS via client32 and clntrust is loaded then
browsing
also works just fine.

If I unload the filters the SSL Login comes up just fine.

So the questions I have are:
1. What can I do to cause the SSL Login redirect to go to the Private
IP
addy (actually two private IP addresses, one per private side nic) - assuming this is where it should go.
2. If my assumption is wrong about where the SSL Login page should
load
from, that in fact it should be the Public IP addy, then what would be

the correct filter exception(s) to put in place.
3. Is there an even better option than either of the two previous?

Thanks for your help!

Ron Neilly