I am running Forefront TMG SP1 rollup 3. All desktop clients will have the Firewall Client installed. Servers will not.
I would like to segregate my outbound network traffic according to traffic which has been successfully authenticated in one rule and that which has not authenticated into another. This segregation will eventually be used to treat the traffic differently.
Given that I have two Internal->External HTTP / HTTPS allow rules listed - the first requiring authentication and the second not - would this provide the desired behavior? I know that any rule requiring authentication that blocks traffic will inherently block any traffic that does not have authentication enabled. I'm just a bit fuzzy whether or not a similar issue would crop up with an allow statement. I'm also concerned if adding a rule containing authentication for HTTP / HTTPS like this would impact any non-HTTP* rules, e.g. SMTP, which I would like to keep lower in the rule chain.