To determine if it is a security issue you can log your attempt to reach internal.spinfexcommunications.com.au. Set the log level to debug and you should be able to see if you get a access denied or not.
It could be related to the default language settings, can you check if you have set en as the default language. If you don't require multiple languages you can remove the default swedish setting and you can ditch the /en
When I browse our test site http://internal.spinifexcommunications.com.au, it's redirected to the EpiServer login page.
But when I browse it with a "/en" http://internal.spinifexcommunications.com.au/en it behaves as expected and just stays on the home page.
How can I set http://internal.spinifexcommunications.com.au to stay on the homepage as well when browsed?
It couldn't be a security issue as I'm able to browse the /en page without logging in. Could it?