I've no experience with SharePoint publishing in the last months. Did this work with basic pre-authentication, without any problem? No additional user prompt for authentication?
I've successfully published both WSS 3.0 in my office and SharePoint 2010 Foundation in a client's company using form-based authentication with a custom form and basic backend mode on the SharePoint side. In both cases HTTPS/HTTP redirection was used (no SSL inside, only on the UTM).
The only problem I've had was with the too-aggressive firewall profile I started with, so I had to loosen it a little bit.
I don't remember there being a recommended SharePoint firewall profile guide, like for Exchange services.
That change just enables another type of IIS authentication besides Windows Integrated. Actually, you are not changing anything in the SharePoint configuration, only in the underlying IIS web services.
I did send you a PM; I don't know if you got it or not...
I usually don't reply to private messages if they are of a technical nature, because in my opinion the whole purpose of this and all other Internet forums in the world is to share your questions, ideas, knowledge and solutions with the community.
...shouldn't then the gateway of the server that I want to publish be the internal IP of the SG 230?
There is no need for that change. From the Exchange/SharePoint server side it would look like just a request coming from the LAN client.
I will give you a real-world example in my next post.
Presuming all your SharePoint mappings are defined properly, all you have to do is enable Basic authentication in IIS - leaving the existing NTLM authentication as enabled is fine.
Whether you do the login prefix/suffix on IIS or the Sophos authentication profile is up to you.
Also, on your virtual server pass the host header.
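The IIS-side change described in this post, as an added example that is not part of the original thread: it enables Basic authentication next to the existing Windows (NTLM) authentication, reports the resulting state, and warns when the site has no HTTPS binding, since Basic credentials are only Base64-encoded on the UTM-to-SharePoint hop. The site name `SharePoint - 80` is an assumption; substitute the IIS site that hosts your web application.

```powershell
# Added example. Run in an elevated PowerShell session on the SharePoint/IIS server.
Import-Module WebAdministration

$SiteName = 'SharePoint - 80'    # assumed IIS site name, replace with your own
$AuthRoot = 'system.webServer/security/authentication'
$Modes    = 'basicAuthentication', 'windowsAuthentication', 'anonymousAuthentication'

function Get-SiteAuthState {
    # Returns one object per authentication mode with its enabled flag.
    param([Parameter(Mandatory)][string]$Site)
    foreach ($mode in $Modes) {
        $enabled = (Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
            -Location $Site -Filter "$AuthRoot/$mode" -Name 'enabled').Value
        [pscustomobject]@{ Site = $Site; Mode = $mode; Enabled = [bool]$enabled }
    }
}

if (-not (Get-Website -Name $SiteName)) {
    throw "IIS site '$SiteName' not found."
}

# State before the change, kept so the change can be reviewed or reverted.
$before = Get-SiteAuthState -Site $SiteName

# Enable Basic authentication; Windows authentication is left untouched.
Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Location $SiteName `
    -Filter "$AuthRoot/basicAuthentication" -Name 'enabled' -Value $true

$after = Get-SiteAuthState -Site $SiteName
$after | Format-Table -AutoSize

# Anonymous access on the same site would let requests skip authentication.
if (($after | Where-Object Mode -eq 'anonymousAuthentication').Enabled) {
    Write-Warning "Anonymous authentication is enabled on '$SiteName'."
}

# With HTTP-only bindings, Basic credentials cross the internal network unencrypted.
$https = Get-WebBinding -Name $SiteName | Where-Object { $_.protocol -eq 'https' }
if (-not $https) {
    Write-Warning "'$SiteName' has no HTTPS binding: Basic credentials from the UTM reach this server in cleartext. Restrict the path between the UTM and this server, or add an internal TLS binding."
}

# Show what changed.
Compare-Object $before $after -Property Mode, Enabled | Format-Table -AutoSize
```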
I am planning on implementing this. Can anyone tell me what the user experience is like?
Once the user supplies their domain credentials to the UTM (in either form or basic prompt), does the UTM ask again for credentials when navigating the SharePoint site? Or does reverse auth keep them logged in?