We are looking to deploy SfB Frontend and Edge with mobility client. We only have capacity for two new servers, so we cannot put a dedicated Reverse Proxy in.
Can we simply use NAT to get around this? i.e. on our Firewall device, NAT 443 to 4443 for external connections to the Front End for the External Web Services?
If so – what certificate would I assign to the External Web Services IIS site on the Front End to ensure SSL connections via valid certificate name? As it currently will use a internal signed cert, will I just change this to a Public Cert with all the appropriate names, or will this cause problems?
I would highly recommend to use a reverse proxy due to the reason that you have then a fully supported environment if you need to open a case with Microsoft. You can use the MS Web Application Proxy as reverse proxy (see here). It can be a VMWare server (esxi or something) it didn´t take that much load and will allow you also to a Office Online Server (see here) for power point presentation.