"I am setting up NAM in the lab, with the configuration of the Identity Server and Access Gateway in the DMZ. I am not experienced it this type of setup, since we currently have iChian on the inside of the network, so this is going to be a completely different setup.
The IDP sever in the illustration of the "Setting Up Firewalls" section of the setup guide appears to have TWO NICS, and the Access Gateway appears to be set up that way. Or is this illustration indicating that the IDP server has a hole in the firewall to communicate to the LDAP server, and a hole in the firewall to communicate with the Admistration Console? I assume the LAG has to have two NICS, one for outside communication and the other for reverse proxies - correct?"
And here's the response from Ben Walter ...
You could use physical interfaces to do the segregation, but it'd be easier and cheaper to have the firewall doing all the port routing and restrictions.