The customer is about to get a ZCM 11 primary in the DMZ to service devices when they are off the network. It will be running on SLES 11 sp1 x64. They don't want anyone to be able to access the ZCC or even the server/zenworks-setup page from the internet. Is there a supported way to block those management/deployment pages while still allowing 80 and 443 to work for the required agent communication?

I found the following article which looks good, but it would like support's opinion first.
Restrict Access to ZENworks Control Center | Novell User Communities

Is there a TID or something in the documentation that explains how this can be done? Thank you