Ray / Mutt,

I've tried doing the single-armed approach as it's what I've used on several other devices. However, I'm experiencing a problem...

Ray - as you explained it is as I have it set up. Only the internal interface is configured with an IP address (DMZ address).

Logical traffic flow is:

internet ---> FW ---> IVE ---> FW ---> internal lan server

Here's what I see. Traffic comes into the FW, is NATed and is forwarded on to the IVE -- this works. I see inbound 443 traffic to the IVE from internet clients. The IVE does nothing with this traffic at all... No packets are initiated by the IVE whatsoever.

I would expect to see the IVE initiate LDAP traffic to the configured auth servers (tcp/389) in order to authenticate the inbound client connections it was receiving. It doesn't.

I know the IVE can talk (for example) LDAP to the internal auth servers, as if I click the "test connection" box in the Auth section I then see 2-way LDAP traffic as expected.

It doesn't appear to be a routing thing and it's not a firewall thing. What's getting me is the IVE doesn't seem to be doing anything with inbound client connections - it's not trying to auth them. (I've observed all this with numerous tcpdumps.)

Any help on this would be much appreciated!