Question : Domino Web Access network configuration help

Ive been asked to assist a Domino administrator to set up Web Access.  Im not familiar with Domino.  Im assuming the Domino admin can handle the server configuration.  I was asked to configure the network architecture.  The company has a DMZ.  Is there a way to set up Domino as an authentication server or bridgehead server that accesses the Domino mail server on the internal network?  Or, is the only way to get it to work is set up Web Access on the internal mail server then allow Internet access to this server via port 443?  I hope thats not the case.  Ideally Id like the users to access the Web Access portal on a server in the DMZ.  They are authenticated on this server then they are able to access their mail file on the internal mail servers.  Is that possible?  

You can give me some basic configuration tips that I can pass on to the Domino admin to get this to work?  Also, can you recommend the best topology that allows users to utilize Web Access while still keeping the network secure?

Thanks for the assistance!

Answer : Domino Web Access network configuration help

Using firewall NAT and SSL you can securely pass web requests directly to your internal server.  I have dozens of customers who have done that for years with no problem whatsoever.  Are you still concerned about security?

I have a couple customers who insist on isolating the internal Domino server, and so they create a new Domino server in the DMZ and replicate their mail files to that server.  So the firewall disallows direct access to the internal server from the internet.  Only the DMZ server's IP is permitted to contact the internal server for thre sake of replication.  This architecture satisfies even the most security-minded requirements.  If you use cluster replication, the data available in the DMZ is current. The drawback is cost -- this architecture requires twice the Domino hardware and server licensing.