I am on the verge of redoing my entire network. I uploaded a generic topography of how I want it to look, but something is not clicking....I'm thinking that I got the firewall misplaced...but I am still puzzled.

Can you guys give me some suggestions?

It's correct. No need for a DMZ, firewall has to sit behind the router unless the router itself is capable of firewalling.

It's correct. No need for a DMZ, firewall has to sit behind the router unless the router itself is capable of firewalling.
Well, if I may have to add a DMZ later, because I will use this same scheme for our china location...and they do a lot of FTP uploads.


Speaking of FTP, where would be a good place to insert it?

Speaking of FTP, where would be a good place to insert it?

Right into /dev/null, FTP isn't secure, consider using SSH with scp/sftp, there are Win32 versions that support AD authentication.

Right into /dev/null, FTP isn't secure, consider using SSH with scp/sftp, there are Win32 versions that support AD authentication.
Yea...I know how insecure FTP is, but they (my company) have customers all over the world using it. Security is not a priority on the FTP box, just as long as I can keep people out of the rest of my network.

Yea...I know how insecure FTP is, but they (my company) have customers all over the world using it. Security is not a priority on the FTP box, just as long as I can keep people out of the rest of my network.
thats a rather broad statement, it depends on what ftp service your using, if your worried about security, try vsftpd

Get a switch, not a hub. A hub is slower than a switch. A switch is more efficient than a hub. A switch lives on an entirely different layer of the OSI stack than a hub.

A hub broadcasts every packet to all connections. This effectively means one device cannot talk until all other devices have stopped shouting. Packet collision errors (requiring retransmission) are common. Imagine a hub as a 4-way intersection with no stop signs. Cheap and low maintenance. Lots of traffic makes for a very bad situation.

A switch routes a packet only to the device that it is intended for. Many conversations can occur at the same time. Packets rarely collide. Imagine the switch as a competent traffic cop in this 4-way intersection. Traffic may have to wait for a turn, but everyone gets a fair turn.

CSMA/CD in the house!

Get a switch, not a hub. A hub is slower than a switch. A switch is more efficient than a hub. A switch lives on an entirely different layer of the OSI stack than a hub.

A hub broadcasts every packet to all connections. This effectively means one device cannot talk until all other devices have stopped shouting. Packet collision errors (requiring retransmission) are common. Imagine a hub as a 4-way intersection with no stop signs. Cheap and low maintenance. Lots of traffic makes for a very bad situation.

A switch routes a packet only to the device that it is intended for. Many conversations can occur at the same time. Packets rarely collide. Imagine the switch as a competent traffic cop in this 4-way intersection. Traffic may have to wait for a turn, but everyone gets a fair turn.
Yup...I changed that to a managed switch.

Alot of diagrams here: http://community.smoothwall.org/forum/viewtopic.php?t=10709