I have a rack at a data centre which currently has an ISP RJ45 Internet feed to it straight into the external port of the firewall I am using, with approx. 12 public IPs available. I have approx. 5 unused public IPs I want to use on another web-facing server in the same rack. This HAS TO be separate from the first firewall and kit for contractual reasons, so the only way I can think of doing this is putting a racked switch in front of the current firewall and then taking a patch cable from that switch to the existing firewall's ext port and then to another firewall's ext port with the new kit behind it. That way I can use the unused public IPs for kit behind the second firewall.
Has anyone any experience on this? I know some might say everything should be behind the firewall, but others I read online say this is fine. Should it be a non-managed switch for security, or just a normal managed 24-port rack gigabit switch that can be managed remotely and locked down somewhat?
Any constructive input would be appreciated.