Have BorderManager 3.7 -- All internet access is via proxies. We have an
application running on the workstations which needs to reach an update
server in a DMZ (it services multiple other subnets as well). There is no
DNS zone for "inside" the DMZ. Three criteria must be met:
(1)The server listens on port 80 (can't change) and
(2)it will only accept connections from the BorderManager "outside" ip
address (also can't change).
(3)the application on the workstation will not "use" the browser proxy

I have tried 2 things: first, a filter exception to permit port 80 from
the workstations to this server. That partially works, but the internal
addresses appear, so rule #2 is broken. We are not using NAT and prefer
not to.

The second thing worked fairly well--a Generic proxy listening on a high
port and sending on to the server's ip address on port 80. The server is
happy. The workstation app is set to the proxy address and port. They also
work. The only problem is that every time a workstation generates a
request, BorderManager sends 4 in-addr.arpa requests for the server's ip
address. So we are getting thousands of requests going out to our ISP's
DNS servers which, of course, can't answer. After the 4 failed requests,
BorderManager goes ahead and sends to the server's ip address and all goes
well from there. The question is--how to stop the problematic traffic!
Regards, Chris G