Re: LDAP authentication

There are a few things you probably should consider first:
- The username/password are being sent in clear text, not ideal
- Your rule might be too permissive, since it allows any traffic to any destination. It's good practice to limit the destination and/or services (otherwise an infected/compromised/rogue can do a lot of stuff)

In your case I'd consider:
- Getting an ISA, use it to proxy all access out and authenticate users (since this uses hashes rather than clear text, which is much safer)
- Using Client Auth with SSL (user must authenticate specifically)
- Using Session Auth, since it can use encryption (I don't like it that much tbh)

The only real enterprise solution to do the SSO that you mention with Check Point is Meta IP, which isn't that popular and is also expensive/requires changing quite a few things. I think this isn't even Check Point anymore, not sure.