As of SMP3 SP07 you can use SAP Web Dispatcher as a reverse proxy for SMP3. Depending on your landscape, this simplifies A LOT your architecture. And you can reuse your WD knowledge and gain support from SAP. Installing the WD is done as usual, with one caveat: you have to inform the commonlib which TLS to use:
ssl/ciphersuites = 896:HIGH ssl/client_ciphersuites =896:HIGH
Without these parameters, WD will try to connect to SMP3 but won’t be able to connect, as the response send by SMP3 cannot be interpreted (protocol not understood). With the above configuration, WD can connect to SMP3 using TLS. While this may look strange, it actually is necessary as SMP3 uses some high TLS security.
To understand better what these two parameters do, take a look at the Commonlib + Web Dispatcher SAP Note: 510007
For more information like a sample WD profile, read on here.