Infrastructure : Internet FW <--> IPS <--> Core SW
RA vpn users terminate on FW and currently split-tunneling is in place.
Adding a Bluecoat proxy in Transparant mode -main purpose is for intercepting 'https' requests from internal client for DLP (Data Loss prevention). Not intersted in Webfiltering. So the infrastructure after proxy...
Internet FW <--> IPS <--> Tranparant Proxy <--> Core SW
1. Is it better place to add the proxy?
2. Current proxy does not have enough ports to add FW DMZ inline. Is it normal practice to add DMZ (with servers, no user PCs) to Proxy?
3. Now if Split-tunneling is removed and force the VPN clients to use organization Internet, when the RA vpn users terminate on FW, does their internet
requests still pass thru proxy? If not how to make them pass thru proxy.