Our network policy is to have no direct outside to inside NATs. If I place a connection manager on our DMZ and have that connect to the internal Wildfire server, will incoming s2s messages use the connection manager if configured properly?
Currently, Connection Managers can only handle client-to-server traffic. Server-to-server traffic will go directly to the server (or at least not through CMs). Anyway, I guess that it is also possible to use a proxy server instead of a CM to forward traffic to Wildfire although I’m not sure if that will fulfill your security request (but prob your policy).
The proxy server is a good idea, especially since I’d like to hook into the Active Directory at work. The placement will largely depend on if the LDAP guy is willing to allow a DMZ host read-access to the AD.