In the below example, which is a snipit taken from ESRI documentation found here, Deployment scenarios for a highly available ArcGIS Enterprise—Portal for ArcGIS (10.6) | ArcGIS Enterprise , I am curious about the difference between internal and external requests.
In the example, would clients who are behind the firewall on the internal network, have to "go out" to "get back in"? Does the DMZ Load Balancer handle ALL traffic, or just any external requests. So internal employees would access the Portal via https://internalNLB.Internaldomain.com/arcgis/content and external access (authenticated field users) would access the portal via https://externalsNLB.externaldomain.com/arcgis/content.
If it is the case where internal points to the internal NLB and external to the external NLB, can you have Active Directory Federated Services on both NLB without any authentication issues? I thought with Portal, only one machine will handle security.