We're using BM38 latest sp (using SurfControl access rules) and Blackberry
Enterprise Server 4.0 hot fix 2 with 7290 handsets.

The MDS services on the BES is configured to browse for the handsets and
uses a user specifically setup for this purpose. This user can browse the
Internet ok from a PC with clntrust running without any problems.

When trying to browse from the handsets you get the error 403 Forbidden and
the details are from BM saying Policies have restricted you.

This means that we're getting as far as the BM server but being stoppped by
the policies even though the user on the BES server isn't restricted.

Anyone got any ideas?? Also how does clntrust fit into all of this when you
can't run it on the handsets or from within the BES setup??