Hey guys, need to pick your thoughts on an architecture as listed. Why do Reverse Proxies need to be in their own DMZ, which then proxies the HTTP requests from the Semi-Trusted DMZ into the Trusted DMZ? This is the path:
Browser -> WAF -> NGFW (Enter Semi-trusted DMZ) -> RProxy -> NGFW (End of Semi-Trusted DMZ and Start of Trusted DMZ) -> Load Balancer -> App -> Database
We are talking about industry-leading solutions as the WAF and NGFW in the path of the HTTP request entering the Semi-Trusted DMZ.