Jdavis: Even if you were to just use HTTP to log in to the interface, that LDAP query is sent in plain text.
What LDAP Q? The encryption ot the LDAP query should be between the SBG and the LDAP source, and SBG 9 can encrypt that via SSL/LDAP.
If the user login page is HTTP, is the forms data between the user and the SBG box encrypted?