ISA & FW-1

I have a weird scenario..

A Checkpoint FW1 is in place and runs fine. The client wants to add a
server that will do some antivirus scanning on HTTP. Checkpoint's CVP
protocol does this, but is single threaded and basically will kill
everything. We are looking into placing an ISA server, with the AntiVirus
stuff before the checkpoint FW. Since the users are already comforable
with using the FW1, here's my question:

can I configure ISA to just allow all traffic through. All the FW rules
will be handled by the Checkpoint FW. I also would like to have all the
clients be SNAT, because I don't want to setup any software on the users'
desktops.

Please let me know your thoughts.

Thanks
RS


Other related posts: