one of our Customer is going to adopt a hybrid implementation of CA API Managment SaaS (with the API Portal SaaS and the API Gateway on-premises).
The on-premises API Gateway will be exposed to internet using a reverse proxy (acting as load balancer too). The reverse proxy/load balancer will be in a DMZ network and therefore behind a firewall. Considering the scenarion just described I have a couple of question about.
- Q1. Can the communication between API Portal SaaS and API Gateway on-premises occur through the reverse proxy/load balancer or must exists a "direct channel" between API Portal SaaS and API Gateway on-premises?
- Q2. I know that in a deployment without API Portal the reverse proxy/load balancer exposing the API Gateway can be configured to porform "port translation" (i.e. reverse proxy/load balancer will expose port 443 and it will forward the traffic to API Gateway on-premises on port 8443). Is this configuration "supported" for a deployment with API Portal SaaS too?
- Q3. In order to implement the proper firewall rules which ports will be used in the communication between API Portal SaaS and API Gateway on-premises?
Thanks in advance,