Hi Guys

I am currently working on my Lab network implementing a two-firewall
configuration with DMZ, VPN, Proxy, NAT etc.

Server BORDER1
NW6, BM3.7
Public Interface 82.x.x.x
DMZ Interface
Static NAT, Packet Filters, Proxy

Server BORDER2
NW6, BM3.8
DMZ Interface
LAN Interface
Packet Filtering, Surf Control, VPN

The question is, should I put the BORDER1 server in the same Tree as my
other servers (LAN) and users? Security and ease of filter administration
(allowing DS packets through the firewall) tell me that the PUB-DMZ BM
server should be in its own Tree, but then how would I control Proxy
Authentication? Would using DirXML be of any benefit or would I need to
open up the same (or more) ports for that?