Whoops, sorry!
I asked a silly question. I was just going through in my head any of the possible problems and I didn't have a diagram in front of me. I took a look today and did a sanity check. The SA box isn't inline on the inside interface of the firewall so it will be fine.
The setup is as follows, we have a firewall with 4 interfaces (external, DMZ 1, DMZ 2 and internal). Traffic comes in from the external interafce of the firewall and gets NATed to the SA box external interface which is on DMZ 1. Clear text traffice gets spat out of the internal interface of the SA box which is on DMZ 2 and that traffic gets put through the firewall again. Finally the traffic gets put out of the internal interface of the firewall. The management address of the IDP is on the internal network and so can make connections out as it doesn't have to go via the SA box.
Apologies for the daft question, it had been a very long day!
Pete.