We have a setup where we use Netscaler as the proxy for our ADFS. The setup has always been that everyone, internal and external, was proxied through the Netscaler and never went directly to the ADFS servers.
Due to a certificate issue, we changed the DNS so that internal users now ask the ADFS directly and externals use the Netscaler proxy.
Now we are discussing what we should do in the future. It seems to be best practice from MS that internal users use the internal ADFS servers and not the proxy. But is it better to have everyone go through the proxy?