After several months, we finally have all the pieces of Enterprise installed and mostly functioning; however, we do have a pretty large problem. Our Web Adaptor for Portal is in the DMZ and the Portal, Hosting Server, and Datastore machines are all behind our firewall on separate machines. Users that are either on our network or outside our network can hit the DMZ Portal WA URL (webgis.westerville.org/portal) and use our GSuite credentials to be authenticated and allowed into the Portal.
Our problem starts with viewing content in the map viewer of Portal. Users that are on our network can log in and view services in the map viewer that are published to the Hosting Server, but if the users are NOT on the network (say, using a home PC) they get an error saying "The layer XX cannot be added to the map". The Hosting Server does not have a Web Adaptor associated with it, so the services are published using the FQDN in the service URL. I also checked the developer tools in Chrome (from outside the network) when attempting to view a service in the map viewer and saw it says "dojo.js:141 GET https://<hostingserverFQDN>.westerville.org/host/rest/info?f=json net::ERR_NAME_NOT_RESOLVED".
I am curious if this is a certificate issue? We are using self-signed certificates internally between the servers and a wildcard certificate on the DMZ for *.westerville.org. Or do we need to have a Web Adaptor in the DMZ for the Hosting Server as well? The reason why we did not want to do this is because we do not need/want to have the services and services directory available publicly for the Hosting Server.
Hopefully this makes sense and someone can help us!