Firewall Wizards mailing list archives

Passing information between an external client and an internal server


From: tyrrell () foremost com
Date: Fri, 19 Nov 1999 17:04:17 -0500


Our web development team has come up with a plan for people to submit
product request information to our mainframe and receive information back.

We have a public web server located at a local ISP. On that web server is a
form people will fill out and submit to us. The form information will be
sent to a web server behind our Gauntlet firewall, on our internal network.
There is a middleware product running on the internal server that will
format the form information and forward it to our mainframe. The mainframe
will do its thing and return the resulting information to the internal
middleware server, which will reformat the information and send it to the
firewall. The firewall will then send the information back to the requestor.

    Client  -----  Web Server
      |
      |
   Firewall -----  Middleware/web server ----- MF


Since the form is submitted from the client, the firewall sees the client's
IP address as the source. So, to make this work as designed the external
port on the firewall needs to be opened up to the world.

Other Info:
The existing firewall only has two interfaces.
The middleware to MF connection is SNA so that server has to stay behind the
firewall.
The public web server can be moved in-house.
There are plans to replace the firewall with a triple homed Firewall-1.
Both web servers are NT/IIS.
Rewriting the form application or the middleware application is not an
option.

I need to come up with a secure solution within a couple of weeks. Any
suggestions?


Thanks,

Kevin Tyrrell


