We currently have an SSG-140 and are in the process of installing an SA-2500. I am trying to find information on what I need to do to the SSG-140 to install the Juniper in 2-arm mode within the DMZ
So here's the setup I'm trying to achieve. (The two-arm external DMZ)
Can anyone point me towards relevant documentation?
What exactly are you looking for in terms of help? In this scenario the external interface is of course only accessable through the FW. So you will need to create a source NAT for the inbound traffic to reach the SSL box. You will need to allow 443, - also port 80 if you want http access and UDP4500 is good for Network Connect to use NCP as a transport mechanism which is more efficent than SSL.
As the internal interface is going to sit on your inside network you have nothing to do there.
On the SSG140 you could simply define a MIP that would map the Public IP to the private IP assiged to the external IF of the SSL. Then do a policy (typically untrust / any to trust MIP - allowing the specific ports.
Hope that answers your question.
We have a similar config, works well, no issues, the KB article pretty much goes through it. Did you have a specific question?