Is it possible to have 1 web adaptor for Portal for ArcGIS in the DMZ and another web adaptor on the same server where the Portal for ArcGIS installation is installed on our internal network? Any other gotchas to do this?
Portal only knows about one "front-end", meaning one URL that defines how users will reach the Portal. There may be a way for you to use DNS to provide an alias to your external and internal web adaptors so the names match. The only tricky part next would be making sure requests that came in through the DMZ are sent back there and requests that originated from inside of your network are also sent back to the appropriate address (using cookies?).
Hi there - I was just thinking about this as well. This was a common pattern with the /arcgis context in the past, as you would have 1 web adaptor exposed externally with no admin access and one internally with admin access. The WebContextURL property gets ignored if the context is arcgis. However, with the change to web adaptor contexts being /portal and /server, this suggests that you do have to set the WebContextURL to ensure links in the pages get written differently. This means you only have one DNS to play with. I have used internal vs. external DNS to resolve to different IPs (A records or CNAMEs, whichever you want to use) and I was trying to think if there was any other way to do this. I kind of think that having the entire URL in this property is a bit limiting, and maybe it should be something that the web adaptor passes to ArcGIS Enterprise, or that the WebContextURL is changed to just reflect the context and it pulls the host from the Location header or the like. Web Adaptors will proxy the requests OK from what I have seen, and you can use other methods like IIS ARR rules, which is another common Esri pattern. Of course, if you set the Web Adaptor context to /arcgis for the portal and GIS server you would be OK, but that comes with other limitations - you'd need separate websites in IIS for each web adaptor, for example.