Chapter 10 Transformed ApplicationsFeatures120 Application Gateway Administration GuideWhen Design Studio is redirected to an SSL site from a non-SSL site(from HTTPS to HTTP), the connection between Design Studio and theApplication Gateway is not secure. We recommend that you locate theconnection between Design Studio and the Application Gatewaybehind a firewall.Security LevelsInternet, extranet, and intranet sites require different levels of security, allsupported by the Application Gateway. As shown in Figure 1, those siteshave the following characteristics:• Internet sites contain external content, are public, and require noauthentication for access. All devices supported by the ApplicationGateway can access Internet sites.• Extranet sites also contain external content, but they requireauthentication for access. Extranet sites are in a secure demilitarizedzone (DMZ). All devices supported by the Application Gateway canaccess extranet sites. (XML-based IP phones cannot authenticate, sothey are unable to log in to extranet sites.)The Application Gateway supports Basic authentication and promptsdevice users for authentication credentials if they are required. Inaddition, the Application Gateway provides authenticationmechanisms for devices that do not natively support authentication(such as Palm devices).• Intranet sites contain internal content that resides inside the enterprisefirewall. From outside the firewall, these sites require a VPN client totunnel through the firewall.Figure 1 Security in the Enterprise