Tuesday 14 December 2010

Beware: Using UAG with an SSL decryptor in front

A quick warning: in UAG you configure each trunk as either HTTP or HTTPS, which is fine unless you have an SSL decryptor (a TLS-terminating load balancer or proxy) in front of the UAG server. In that setup the user reaches the site over https, but the decryptor forwards the traffic to UAG as plain http, so UAG sees an HTTP trunk.
The problem is that UAG uses HTTP 302 redirects extensively, and the scheme in their Location headers is derived from the trunk type, not from how the user actually connected. In the scenario above UAG therefore returns redirects to http:// URLs.
Unless your SSL decryptor rewrites those Location headers for you, users are sent to the http version of the site rather than the https one, which completely breaks the site for them.
The easy fix is to set up something that accepts those http requests and redirects users back to the https site (I use my load balancer). Bear in mind that with this workaround the browser still makes one cleartext request on every redirect, so it papers over the symptom rather than fixing the redirects themselves.
The more involved option is to use AppWrap to rewrite the Location header of those 302s; I will update when I test this.
--Chris

(Update below, following the answer from Microsoft:)

* Create the file c:\program files\Microsoft Forefront Unified Access Gateway\von\conf\websites\\conf\CustomUpdate\WhlFiltAppWrap_HTTP.xml (you may have to create the CustomUpdate folder)

* Paste the XML snippet below into it:

==============START=================
<APP_WRAP ver="1.0" id="RemoteAccess_HTTPS.xml">
  <MANIPULATION>
    <HEADER_CHANGE>
      <!-- Edit headers on responses coming back from the trunk's internal
           listener (localhost:6001) before they are sent to the client -->
      <RESPONSE>
        <APPLICATION>
          <SERVER_NAME mask="">localhost</SERVER_NAME>
          <PORT>6001</PORT>
          <!-- Apply to every URL on the trunk -->
          <URL>
            <URL_NAME>.*</URL_NAME>
            <!-- Search and replace on the Location header so that redirects
                 point at the https URL the user actually came in on.
                 Replace www.example.com with the host name of your own site. -->
            <HEADER>
              <NAME>Location</NAME>
              <SAR>
                <SEARCH encoding="">http://www.example.com</SEARCH>
                <REPLACE encoding="">https://www.example.com</REPLACE>
              </SAR>
            </HEADER>
          </URL>
        </APPLICATION>
      </RESPONSE>
    </HEADER_CHANGE>
  </MANIPULATION>
</APP_WRAP>
===============END==================


* Activate UAG.

* You can still put other application manipulation tags in this file if you have other AppWrap rules to apply.
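The scheme downgrade described above, and the rewrite that the AppWrap rule performs, as an added example in Python that is not part of the original post and not UAG's own code: it parses a redirect response, flags a Location header whose scheme differs from the one the client used, applies the same search/replace as the XML above, and includes a live probe that requests a URL over TLS without following redirects so you can confirm the fix from outside. The host names, paths and raw responses below are constructed for illustration.

```python
"""Detect, and emulate the AppWrap fix for, 302s that redirect from https to http.

Added example, not part of the original post. Host names, paths and the raw
responses are constructed; www.example.com matches the placeholder in the XML.
"""
import http.client
from urllib.parse import urlsplit

REDIRECT_STATUSES = (301, 302, 303, 307, 308)


def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status_code, headers).

    Header names are lower-cased; the body is dropped because only the
    status line and the Location header matter for this check.
    """
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def downgraded_location(status, headers, expected_scheme="https"):
    """Return the offending Location when a redirect changes the scheme the
    client used (https -> http), otherwise None.

    Relative Locations carry no scheme, inherit the client's, and are fine.
    """
    if status not in REDIRECT_STATUSES:
        return None
    location = headers.get("location")
    if not location:
        return None
    scheme = urlsplit(location).scheme.lower()
    if scheme and scheme != expected_scheme:
        return location
    return None


def rewrite_location(location, search, replace):
    """Emulate the SEARCH/REPLACE pair from the AppWrap rule on one header.

    Only a Location that starts with `search` is touched, so redirects to
    other hosts are left alone and nothing else in the URL is altered.
    """
    if location.startswith(search):
        return replace + location[len(search):]
    return location


def fixed_location(raw, search, replace):
    """Parse a raw response and return the Location as AppWrap would emit it."""
    status, headers = parse_response(raw)
    if status not in REDIRECT_STATUSES or "location" not in headers:
        return None
    return rewrite_location(headers["location"], search, replace)


def probe(host, path="/", expected_scheme="https", timeout=10):
    """Live check: fetch `path` from `host` over TLS without following
    redirects and return the Location if it points at cleartext http.
    Needs network access; not called at import time.
    """
    conn = http.client.HTTPSConnection(host, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Host": host})
        resp = conn.getresponse()
        headers = {name.lower(): value for name, value in resp.getheaders()}
        return downgraded_location(resp.status, headers, expected_scheme)
    finally:
        conn.close()


# Constructed: what UAG hands back through the decryptor before the fix.
BROKEN_RESPONSE = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: http://www.example.com/portal/login?site=main\r\n"
    b"Content-Length: 0\r\n\r\n"
)

if __name__ == "__main__":
    status, headers = parse_response(BROKEN_RESPONSE)
    print("downgraded:", downgraded_location(status, headers))
    print("rewritten :", fixed_location(BROKEN_RESPONSE,
                                        "http://www.example.com",
                                        "https://www.example.com"))
```

Run it as a script to see the constructed case, or call `probe("www.example.com", "/")` (with your own host) from a client outside the decryptor: a non-None result means the redirects are still leaving UAG with an http:// scheme.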