Firewall Wizards mailing list archives

SSL Vulnerabilities?


From: Kyle Starkey <KSTARKEY () altera com>
Date: Wed, 4 Aug 1999 12:05:18 -0700

I need someone to help me with a suggestion that was just made by my boss.
It sounds OK to me, but after the whole "blocking ICMP" fiasco I started I
am looking for some suggestions.  I am currently managing a DMZ for customer
support at my company.  Our front end firewall is an NT based Gauntlet 5.0
with only the SSL port open to the internet.  Since we are using the built
in SSL/Http-Proxy, with the HTTP port blocked, the firewall intercepts the
SSL packets, changes the source IP address to its own, and forwards the
packets to the WebServer.  The problem with this is that the webserver logs
show the firewall as the only one accessing it.  The Powers-that-Be would
like to be able to see what pages are being accessed by what IP addresses.
Our thoughts were to simply disable the proxy and use packet filtering rules
to manage the communications between the internet and the Webserver over the
SSL port.  Other than the fact that NT is a bad platform to sit your firewalls
on, can anyone think of any reason why this might be a BAD idea?

thanks for your help

Kyle R. Starkey
Information Security Group
Altera Corporation
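An added example, not part of the original post or of the Gauntlet product, modelling the proposed replacement: a toy stateful packet filter that admits only new TCP connections from the internet to the web server's SSL port (plus the packets of sessions opened that way), and a helper showing which source address the web server log would record with and without the proxy rewriting the source. All addresses (192.0.2.10 for the web server, 192.0.2.1 for the firewall, the client addresses) and the inside networks are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addresses for the example (assumptions, not from the post).
WEBSERVER = "192.0.2.10"        # DMZ web server
FIREWALL = "192.0.2.1"          # firewall's own address, used by the proxy as source
INSIDE_NETS = [ip_network("192.0.2.0/24"), ip_network("10.0.0.0/8")]
SSL_PORT = 443


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False


class StatefulSSLFilter:
    """Minimal stateful filter for the proposed rule set: only new TCP
    connections from the internet to WEBSERVER:443 are accepted, plus packets
    belonging to sessions opened that way; everything else is dropped."""

    def __init__(self):
        self.sessions = set()   # (client_ip, client_port) of accepted sessions

    def decide(self, p: Packet, inbound: bool) -> str:
        if inbound:
            # Anti-spoofing: inside/DMZ source addresses never arrive from the internet.
            if any(ip_address(p.src) in n for n in INSIDE_NETS):
                return "DROP"
            if p.dst == WEBSERVER and p.dport == SSL_PORT:
                if p.syn and not p.ack:
                    self.sessions.add((p.src, p.sport))   # new session
                    return "ACCEPT"
                if (p.src, p.sport) in self.sessions:
                    return "ACCEPT"                       # established session
            return "DROP"   # HTTP, other hosts, unsolicited non-SYN traffic
        # Outbound: only replies from the web server's SSL port to a known session.
        # The web server itself never gets to open connections to the internet.
        if p.src == WEBSERVER and p.sport == SSL_PORT and (p.dst, p.dport) in self.sessions:
            return "ACCEPT"
        return "DROP"


def log_source(p: Packet, proxied: bool) -> str:
    """Address the web server would record for an accepted client packet:
    the firewall's address when the SSL proxy rewrites the source,
    the real client address when packets are only filtered and forwarded."""
    return FIREWALL if proxied else p.src


def run_scenario():
    """Constructed traffic: one legitimate SSL session plus traffic the rules must drop."""
    fw = StatefulSSLFilter()
    client = Packet("198.51.100.7", 40001, WEBSERVER, 443, syn=True)
    reply = Packet(WEBSERVER, 443, "198.51.100.7", 40001, syn=True, ack=True)
    data = Packet("198.51.100.7", 40001, WEBSERVER, 443, ack=True)
    http = Packet("198.51.100.7", 40002, WEBSERVER, 80, syn=True)     # HTTP stays blocked
    spoof = Packet("10.1.2.3", 40003, WEBSERVER, 443, syn=True)       # inside address from outside
    stray = Packet("203.0.113.9", 40004, WEBSERVER, 443, ack=True)    # no SYN ever seen
    egress = Packet(WEBSERVER, 51000, "203.0.113.9", 443, syn=True)   # server calling out
    decisions = [
        fw.decide(client, True), fw.decide(reply, False), fw.decide(data, True),
        fw.decide(http, True), fw.decide(spoof, True), fw.decide(stray, True),
        fw.decide(egress, False),
    ]
    return decisions, log_source(client, proxied=True), log_source(client, proxied=False)


if __name__ == "__main__":
    decisions, via_proxy, direct = run_scenario()
    print("filter decisions:", decisions)
    print("log source with proxy:", via_proxy, "| with packet filtering:", direct)
```

The session table is what makes the rule set narrower than a plain port filter: a stray ACK or a connection the web server tries to open itself is dropped even though port 443 is involved, while the client's real address reaches the server and therefore its logs.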


