Pardon the somewhat beginner question, but is the below configuration secure with regards to SSL publishing an internal site that only runs on HTTP in IIS, or will the login process be in clear text for external systems/sniffers?
I know internal traffic will be, but management so far isn't concerned about that point...
To: Internal DNS name of host, Forward original host header, Request appear to come from the original client.
Traffic: HTTP & HTTPS
Public name: single DNS FQDN for site (no split DNS, so same name as internal)
Authentication Delegation: No delegation, but client may authenticate directly.
Bridging: Web server, Redirect requests to HTTP port: 80
Users: All Authenticated Users
Client Connection Type: HTTP(80) and HTTPS(81)
HTTP to HTTPS Redirection: Redirect all traffic from HTTP to HTTPS
Client Authentication Method: HTTP Authentication (Integrated), Windows Active Directory
Client Configuration Settings: Require all users to authenticate
Certificates: ISA wildcard selected
Thanks in advance for any help in this matter.
(Sorry if wrong place, but selecting Microsoft ISA as zone returns "not valid")