Exposed Host - Security risk?

I have a very small customer who has a Sophos UTM. The connection is made via the Sophos with PPPoE, using a FritzBox as the modem (PPPoE passthrough). Now a second connection is to be installed, but the customer wants to use the FritzBox Cable as an exposed host, so that the dial-in is not done by the Sophos but by the FritzBox.

How do you assess the security risk in such a mode? I am not a fan of this and would like to convince the customer to run the dial-in (PPPoE) via Sophos.