I'm trying to get the transparent proxy working correctly, but it seems to
be ignoring the firewall settings in FILTCFG.

I am using the regular HTTP proxy, with an 8e6-filter proxy cache client,
and that all works fine. It properly filters all sites with the 8e6
filter, whether or not "Must forward through hierarchy" is enabled.

Meanwhile the server has two NICs, and FILTCFG is set up to deny direct
access to port 80 and 443 through the BM firewall. This is also all
working correctly with transparent proxy disabled. Direct access with no
proxy configured just simply times out, nothing happens, etc.

However, with the transparent enabled (and using SSL login) once logged in
the transparent proxy is partially ignoring the 8e6 filter and pulling
sites straight off the Internet, unfiltered. Some obvious blocked sites
(like playboy.com) come up with the 8e6 block page, while other sites
(like the drug site erowid.org) are getting through the transparent proxy

The only transparent proxy exceptions are for our internal NAT'd webserver
and five static-NAT ports for video streaming. all else that uses port 80
and 443 are handled by the transparent proxy.... and that is getting past
the firewall and proxy cache hierarchy (whether or not "Must only forward
through hierarchy" is enabled).

Any ideas?

NW6 SP3 / BM 3.8.0