I'm not a network guru, hence my reason for my question. I have an ADSL line into our offices connecting to a Lingsys ADSL router (IP : 18.104.22.168) which I will connect to a WatchGuard X500 firewall. Do I NAT at the ADSL router to an internal IP address ? My internal IP range are 172.22.23.xx. Also on the WatchGuard there will be an MPLS network, see attached diagram. What I don't want to happen is to NAT to an internal network address which will then connect to the firewall and anyone coming through the firewall can go directly on to the MPLS, creating a bridge. Can anyone advise me on how to make this secure ?