We use McAfee Enterprise Firewall (Sidewinder) 2100 with SSL acceleration card. We can access our web server by using https to firewall which then connects to web server using http. However, we would like the users write http in their browser and when this reches the firewall, the request gets re-written to https and ssl gets handled by firewall; after that the internal part would remain be handled by http to server.
Kindly advise if McAfee enterpris firewall can carry out the rewrite functionality from HTTP to HTTPS; or if we need to have another server to make this rewrite.
The SW cannot do what you're asking, no.
The user types HTTP into their browser. This sends a port 80 request to the firewall. The HTTP proxy will handle this request. The client is NOT doing HTTPS when you type HTTP into the browser. The only way it will do HTTPS is if you type HTTPS.
What you'll probably have to do is get your web server to do some kind of redirect for http://yourdomain.com to https://yourdomain.com. A lot of websites do this (http://www.gmail.com for example). Your client does an HTTP connection to your server, the server responds "Go to https://yourdomain.com" instead, the client does a new HTTPS connection and this is handled by the firewall and its HTTPS decryption function. This should be very easy to set up on your web server.
I know that this functionality can be setup on web server. However, I needed to look for it on sidewinder because this functionality would be the only functionality for a web server in the dmz before sidewinder (I could dispose of this web server in case sidewinder can handle the rewrite - actually, I usually used such server for reverse proxy + redirect; now, in case of sw installed, I do not need the functionality of reverse proxy-so, I did not want to still keep the server for only redirect functionality); aslo, I do not want to pass to the web server that is protected by sidewinder any type of traffic on port 80.
Ok...... been two years (and several updates, lol) any word if we can make this work? I have ALOT of redirects from 80 to 443 on my web servers, i would like to remove them and have the firewall do this.