Thanks for this. I have some more queries:
1. Open respective ports from PAM to the end device ie rdp/ssh/https etc and proxy ports for password management, exact port number can be found in docops site.
[Nikunj]: This doesn't seem to be feasible solution as suppose if we have 500 servers in DMZ then we have to configure firewall each time. Also, if new server is introduced in external network then need to change the firewall settings each time for each new servers. This will only increase the overhead. Although can consider as a last option.
2. PAM has 8 physical ports or interface on physical appliances, you can connect these ports to the network where your device are residing for example DMZ. Same logic applies to virtual appliance.
[Nikunj]: This looks interesting. So, my query is if I configure the network address of .biz domain(which is external and behind the firewall), will this not need any firewall settings? Do PAM will be able to connect directly to external servers? How PAM will know from which port to connect ? I am confused. I am not getting this logically on how this can be implemented. Request you to please explain in detail about this point.
Thanks in advance.