[RayPesek]

I need a reverse proxy to take HTTPS traffic from the Internet and send it as HTTP to an internal web server. While I can install an Apache reverse proxy box in a DMZ, it seems like waste of hardware if I can do it on the firewall. I've found articles on using SSL for UserAuth (How to configure User Authentication with SSL - sk13374) and I've found articles on using FW-1 as an HTTP -> HTTP reverse proxy (Can FireWall-1 Act as a Reverse HTTP Proxy? - sk15012), but they're old articles and not exactly what I need to do.

I can't have any authentication from the firewall getting in the way. The reason we want HTTPS -> HTTP is so Web Intelligence can inspect the traffic. The destination is a "hardened secure email appliance" with its own authentication system. It doesn't warrant a $30,000 web application firewall of its own. There would be less than 1,000 legitimate users a day. It's the illegitimate ones I'm worried about. :-)

This will be on R65 HFA02 on SecurePlatform and the hardware has lots of spare horsepower. We would use an IP address that is different from the firewall external interface.

Thanks for any suggestions you can lend,

Ray