I have a test BM3.7sp2+FP3 server running on NW6sp3.

There are three nics: 1 Public and 2 Private.

Transparent Proxy is enabled, DNS Proxy is enabled, Proxy
is enabled with SSO and SSL on Port 442 with HTML selected. Also, the

'Authenticate only when Restricted Page Accessed' option is enabled.

I have two rules: allow, Source Any, Destination Specified URL; and
allow, Source Specified NDS user, Destination Any.

Default filters and exceptions are in place, via brdcfg.nlm, and are placed on the Public Interface.

Here is one of the problems, and the main one right now: when
a restricted url from a not-logged-in workstation the SSL Login screen

does not come up. The browser (IE5.5) times out. I have traced it
to this - the browser is being redirected to the ip addy of the Public

interface for the '/BM-Login?xxx.xxx.xxx.xxx' page. If I manually put
the Private IP addy the SSL Login page loads just fine and browsing
just fine too (assuming of course that I do not typo the nds

If I am logged into NDS via client32 and clntrust is loaded then
also works just fine.

If I unload the filters the SSL Login comes up just fine.

So the questions I have are:
1. What can I do to cause the SSL Login redirect to go to the Private
addy (actually two private IP addresses, one per private side nic) - assuming this is where it should go.
2. If my assumption is wrong about where the SSL Login page should
from, that in fact it should be the Public IP addy, then what would be

the correct filter exception(s) to put in place.
3. Is there an even better option than either of the two previous?

Thanks for your help!

Ron Neilly