We have a customer who has an iprism web filter which I thought was only doing content filtering. After installing an IPS 4215 to monitor web traffic, the only alarms that generate are http connect alarms from the inside hosts to the iprism, it looks like it is acting as a proxy that is tunneling http. Is there any way to get the web traffic back in the clear? If anyone has experience with the iprism, is there some way to disable the http tunneling and still keep the functionality? On the IPS side, is there any solution that can be configured on it to see the traffic?