Need SSL termination on the external interface

SmartDefense is good but it can't do anything with an SSL connection to a web server behind it. It just lets everything through un-inspected.

Microsoft's ISA server lets you install an SSL certificate on its external interface. Incoming SSL traffic is terminated on the external interface, inspected by ISA's software, and an SSL connection is re-established between ISA's internal interface and the internal web server (because the web server has the same SSL certificate installed on it). There's even a third-party add-on that lets ISA check outgoing SSL traffic from an internal browser to an external web server.

I consider this lack to be a major deficiency, if not THE major deficiency, in FW-1's application intelligence arsenal.

Ray