We are looking into deploying sharepoint 2013, and looking at the security aspect of sharepoint 2013 web server roles, because as well as internal users we will have external partners accessing the sharepoint sites as well.
Looking at some articles they suggest using forefront UAG, to publish the web sites. Has anyone done this, if so where have you placed your sharepoint web servers, on the internal network or DMZ. We are trying to avoid placing in the DMZ. Also have you done any reverse proxy such as port forwarding, and does this impact internal users trying to access the sharepoint sites.
Also I was told that a better way is to use web application firewall (WAF). Has anyone deployed this. Where do you place your sharepoint web servers for this. Can they be placed on the internal network.