What should sit closer to the edge?

[Keiichi]

I'm trying to design a network using a cisco 2800 series ISR to do the whole voice/data together thing. Here's the scenario:
There will be a cable internet connection (using comcast's SMC gateway for dedicated IPs) as a primary and a dsl connection (which is also a dedicated IP) as a backup for the internet.
There will be a a BRI voice T1 and about 8 fxo lines.
There will be a Sonicwall UTM

I was wondering would it go:
Internet > router > firewall or
Internet > firewall > router

 

[Nenu]

#2, protect your router as well!

 

[paradoxblue]

not to mention.. having a hardware firewall inside the router would make it difficult to nab all the pc's..

no? unless I'm missing something. how would you hard wire a firewall AFTER the router splits out to the pc's?

 

[Shadowspawn]

Firewall translates the entire network so yes, the router is inside.

 

[YeOldeStonecat]

The UTM appliance is usually your router, if it's not, you run them as a transparent bridge behind your router. I prefer to run them as my router/firewall though.

I don't use the Comcast SMC as a router..instead I ipmap my 2nd (and more) public IP address to the WAN interface of my router/firewall.

 

[Keiichi]

Thanks for the input, so I take it that I should find a UTM that can take in two wan connections to setup for failover, then have the cisco ISR behind it?