I am working on a basic install of ArcGIS Enterprise (10.6) to update and replace my ArcGIS Server 10.4.1 application. Our current setup is a single physical ArcGIS Server on our internal network and a virtual server in the DMZ with the Web Adaptor. The ArcGIS Enterprise Builder looks like a good solution with everything going on one server, however our security and network staff had concerns as the web adaptors are on our internal network. My resources are a web application filter (Barracuda) in the DMZ and an IIS Web Server in the DMZ that could host the Web Adaptors. I see two scenarios. One uses the Builder to put everything on the internal virtual server and then communicate through the Barracuda in the external DMZ. If I understand ArcGIS Enterprise correctly, it is possible to communicate through the Barracuda or Web Application Filter to the Web Adaptors. A secondary question is are the web adaptors necessary or should they be used if we have the Barracuda in the DMZ. The other scenario puts the two web adaptors on the external IIS Server in the DMZ while Portal, Server, and the data store all reside on the internal network. What are the advantages and disadvantages of the scenarios? Will one work better than the other? Are there better scenarios? What is the best practice? I suspect both scenarios will work, but I don’t know why one is better than the other. Suggestions?