Thank you very much but as you can see, the document reports a different procedure for each of the two BES version 4.0 and 4.1.
In the second one, unlike the 4.0 version, the Manager doesn't admit regular expression but only the usage of "*" char.
And this is not enough for me that have to configure more complex rules in order to both give Internet access and blocking traffic to internal servers.
I can confirm that also today I tryed to modify the rules directly on the SQL server, of our test environment, and regular expressions worked fine.
So this restriction seems to be introduced by the GUI.
Another problem is that it's not clear to me how rules are evaluated. "Deny" seems to win over all, even if there is a more specific "allow" rule. Strange overall is the fact that rules are evaluated independently of their position.
I'm seriously taking into account to use a firewall to control the traffic, but in this case I'll loose the possibility to make user based access control.
So, other suggestions are still welcome.