CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

2007-07-27
JoeShmoe
User Auth issues

We have set up LDAP integration to an AD server and are trying to use USER_AUTH to ensure users are prompted for their AD credentials before they can get to the web site behind the FW.

We are using AD groups as the source objects for the rules and this all seems to be working fine. The rule looks like this:

Source | Destination | Service | Action | Track | Install On | Time
Group1 | eHR_AppSrvr | HTTP | User Auth | None | Policy |

However, when the users try to access the page they are always prompted twice for credentials, once with the FW1 pop-up (as we'd expect) and then a second SecurID pop-up. We don't use SecurID so we can't work out why this happens. Once you enter the same credentials twice it's fine, they only get the one box each time. It's just the first time they log on after reboot/time-out.

We have to use User Auth as we have a mixture of Macs and PCs out in the field and CP have told us only User Auth is supported on both for HTTP access.

More interestingly still, this only happens with IE. Firefox/Safari etc. both only have the one pop-up.

Any ideas? We've tried to find everywhere where it may default to SecurID authentication but maybe we've missed something? I've read we may need to use an HTTP server on the FW and list all the backend servers when we use User Auth. Is that right?

Also, if we just use Accept, will the user still be prompted for his AD credentials and what will the security become (i.e. session timeouts?). We have to ensure the connections are broken when the session is shut down as we have many different people using these machines. As stated, we'd use session auth if we could but the Macs don't support it.