You have deployed Web-IT server which you plan to use by having external users go through Secure-IT and internally, using same address. However, depending on Web-IT configuration, users cannot launch published applications, or Secure-IT server is overused because internal users also forced to go through SSL.
Root cause yet to be determined. It's possible that Web-IT server cannot properly detect source IP of the client and assumes Normal translation (internal) for all users.
There are several things that can help to workaround such problem:
1) Configure existing Web-IT server for Secure-IT only access (external Web-IT). Which means:
a) open Web-IT Admin page
b) access Firewall/SSL section
c) make sure that default translation is Normal and clear the list of Custom Address Translation
d) put the same HTTPS address in Web Access URL - external and internal
This Web-IT server should already be properly NATed and configured on Secure-IT web proxy.
2) Deploy additional Web-IT server on any available server. Even one of the Connection Brokers can be used because Web-IT is a lightweight service. We'll call it internal Web-IT server.
3) Configure internal Web-IT server with minimal configuration:
a) provide Farm name
b) provide broker(s) names or IPs
c) provide XML broker port (8080 by default)
d) fill Windows Domains with NetBIOS domain
4) Create internal DNS entry for external FQDN (used by external users), so it'll resolve that FQDN to internal Web-IT server.
5) It may be necessary to create on internal server HTTPS -> HTTP redirector