Hi Guys

I am currently working on my Lab network implementing a two firewall
configuration with DMZ, VPN, Proxy, NAT etc....

Server BORDER1
NW6, BM3.7
Public Interface 82.x.x.x
DMZ Interface 192.168.1.254
Static NAT, Packet Filters, Proxy

Server BORDER2
NW6, BM3.8
DMZ Interface 192.168.1.253
LAN Interface 10.0.0.254
Packet Filtering, Surf Control, VPN

The question is, should i put the BORDER1 server in the same Tree as my
other servers (LAN) and users? Security and ease of filter administration
(allowing DS packets through the firewall) tells me that the PUB-DMZ BM
server should be in its own Tree, but then how would i control Proxy
Authentication? Would using DirXML be of any benefit or would i need to
open up the same (or more) ports for that?

Regards
Steve