Environment
Retain 3.x
Situation
Customer has two firewalls. Behind the front end firewall sits a web server in a DMZ. Behind that sits another firewall that protects the Retain Server sitting in a militarized zone. They want to give the users access and do not mind opening up ports on the front end firewall, but they do not want to expose the Retain Server behind the second firewall. 
Resolution
Retain does not have a separate front-end web server that can be split from the main server.
What a customer can do, though, is follow a standard data center practice to employ a reverse proxy device inside the DMZ accepting HTTPS connections (port 443). The reverse proxy will then scan those connections, conduct SSL offloading and proxy them over to Retain via HTTP on whatever port they feel the desire to use.
Additional Information
This article was originally published in the GWAVA knowledgebase as article ID 2529.