> Seems to me the obvious way (sort of) to do this is to use a screened subnet
>arrangement. Ok .. fine. Am I duplicating kit doing this ? That is, by using
>an exterior and interior router to create a screened net off which would hang
>the commercial firewall etc, am I duplicating the routing function of the
>commercial firewall or don't they have the same level of control over routing
>as a CISCO would for example ?
Some firewalls do. (NetGate and Firewall-1 do.) Actually, you can get better
control with some of these than you can with a Cisco. For instance, you can't
filter on ICMP type and code with Cisco's access lists...