Inside Router

    Last line of defense

    Between main firewall and inside net

    Dedicated router or OpenBSD box

        No remote logins

        No "pc anywhere" access

        Console access only

    If firewall compromised, this is the only protection against the firewall accessing all inside traffic