WAP 2016 in DMZ

  • Question

  • Hello all,

    I'm planning to deploy an ADFS 2016 farm with 2 load balanced ADFS servers and 2 load balanced WAP servers in the DMZ. My question is: do the WAP servers need 2 network adapters (1 with a public IP and 1 with a private IP)? Or can they just have 1 network adapter with a public IP?

    Second question is: I just need to be able to telnet from the WAP servers to the ADFS servers on port 443 to verify that I'm going to have a successful WAP to ADFS connection, correct?

    Thanks.

    Saturday, November 17, 2018 4:00 PM

Answers

  • Regarding the first question - this is NOT required - although commonly used in the way you described. In addition, there are some additional considerations if you decide to use NLB (using NLB in unicast mode with a single NIC will preclude the ability to communicate between nodes).

    As far as your second question goes - from the purely networking standpoint, WAP communicates with AD FS servers by default via HTTPS on TCP 443 - you can simply use Test-NetConnection (more at https://docs.microsoft.com/en-us/powershell/module/nettcpip/test-netconnection?view=win10-ps )

    hth
    Marcin

    Sunday, November 18, 2018 9:59 PM

All replies

  • Thanks for the response. I assume that running test-netconnection -computername "sts.domain.com" -port 443 from the WAP servers would be a good indicator as to whether or not the HTTPS connection will be successful.
    Monday, November 19, 2018 3:28 PM
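
Added example, not part of the thread: Test-NetConnection confirms that TCP 443 is reachable but does not perform a TLS handshake, so this PowerShell script, run from each WAP server, does the TCP check and then completes a handshake with default certificate validation and reports the certificate presented. `sts.domain.com` is the placeholder name used in the thread; the variable names are assumptions.

```powershell
# Added example. Run on each WAP server in the DMZ.
# 'sts.domain.com' is the placeholder federation service name from the thread.
$FederationName = 'sts.domain.com'
$Port           = 443

# Step 1: TCP reachability only (DNS/hosts resolution plus firewall path).
$tcp = Test-NetConnection -ComputerName $FederationName -Port $Port -WarningAction SilentlyContinue
if (-not $tcp.TcpTestSucceeded) {
    Write-Warning "TCP $Port to $FederationName ($($tcp.RemoteAddress)) failed: check name resolution and firewall rules."
    return
}

# Step 2: TLS handshake using the federation name for SNI and name matching.
# Default validation is kept on purpose: an untrusted chain or a name mismatch
# makes AuthenticateAsClient throw, which is the condition we want to surface.
$client = [System.Net.Sockets.TcpClient]::new()
$ssl    = $null
try {
    $client.Connect($FederationName, $Port)
    $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false)
    $ssl.AuthenticateAsClient($FederationName)

    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
    [pscustomobject]@{
        Target        = $FederationName
        RemoteAddress = $tcp.RemoteAddress
        TcpReachable  = $true
        TlsTrusted    = $true
        Protocol      = $ssl.SslProtocol
        Subject       = $cert.Subject
        Issuer        = $cert.Issuer
        NotAfter      = $cert.NotAfter
    }
}
catch {
    # TCP worked but the handshake or certificate validation did not.
    [pscustomobject]@{
        Target        = $FederationName
        RemoteAddress = $tcp.RemoteAddress
        TcpReachable  = $true
        TlsTrusted    = $false
        Error         = $_.Exception.GetBaseException().Message
    }
}
finally {
    if ($ssl) { $ssl.Dispose() }
    $client.Close()
}
```

A result with `TcpReachable = True` and `TlsTrusted = False` separates a certificate or trust problem on the WAP server from a network path problem.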