I am at a company where they are using a firewall to protect the DMZ from the LAN and an ACL-based router to protect the DMZ from the internet. I think this is backwards for many reasons but am trying to find best-practice documentation to support my claims. Anyone have anything solid on this, or am I off base?