DMZ / Design Question
I'm wondering if it's common to have users pass through the same firewall twice when going into the corporate network. For example, let's suppose you host an application. In order for your users to connect from outside, they first pass through the firewall, hit the proxy in the DMZ, go back through the same firewall, and then hit the app server. Wouldn't it make more sense to allow the user to go from the proxy through a switch to the app server and place secondary security/restrictions on the switch, as opposed to hitting the firewall with double the traffic?