I'm deploying Lync Server in our company. Microsoft's Official documentation says I must connect Edge Server to both DMZ and INTERNAL networks.
Is that true? If so it will overlap all firewall rules in place and if someone hacks that server, he could gain access to our internal network easily.
Moreover If I come to our security team with a requeriment to connect the server to DMZ and Internal LAN simultaneously, for sure I will get fired since anyone with basic network knowledge knows this is a huge security breach.
Along with the answer, could you explain to me why I need to deploy TMG to publish internal resources from Lync Front-end Server? Shouldn't everything needed to an external client to access Lync Servers be homed only on the Edge Servers?