Friday, March 5, 2010

netscreen

interface < zone < vrouter

dmz, trust, untrust interfaces function as gateways.

you can configure these zones in nat or route mode.

if ya got public addies, yes, they are routable.

ISPs provide ya an external IP addy, which is bound to the untrust interface.
If you got routable IPs, you can have em in the DMZ, and have the ISP route that traffic to the untrust int.

ya can enable manage-ip on all interfaces

Configure default gateway for the untrust/uplink/wan: set route 0.0.0.0/0 interface eth3 gateway xx.yy.zz.ww


Create policies or fw rules across interfaces.
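The steps above put together as one ScreenOS config sketch; this is an added example, not from the original post. The interface names (ethernet1-3), the address-book entry web1 and all IPs (RFC 5737 documentation ranges plus 10.1.1.0/24) are made-up values, and the # lines are annotations to leave out when pasting.

```screenos
# bind interfaces to zones (interface < zone < vrouter)
set interface ethernet1 zone trust
set interface ethernet2 zone dmz
set interface ethernet3 zone untrust

# trust: private range, nat mode
set interface ethernet1 ip 10.1.1.1/24
set interface ethernet1 nat

# dmz: routable block handed out by the ISP (made-up range), route mode
set interface ethernet2 ip 198.51.100.1/28
set interface ethernet2 route

# untrust: the external addy from the ISP (made-up)
set interface ethernet3 ip 203.0.113.2/30
set interface ethernet3 route

# manage-ip sits in the same subnet as the interface ip
set interface ethernet1 manage-ip 10.1.1.2
# admin over ssh from trust only, no telnet/web on the outside
set interface ethernet1 manage ssh
unset interface ethernet3 manage telnet
unset interface ethernet3 manage web

# default gateway out the untrust interface (made-up next hop)
set route 0.0.0.0/0 interface ethernet3 gateway 203.0.113.1

# address book entry for the dmz host (made-up name and ip)
set address dmz web1 198.51.100.2/32

# policies: inside out, outside to the one dmz service, log the rest
set policy from trust to untrust any any any permit log
set policy from untrust to dmz any web1 http permit log
set policy from untrust to dmz any any any deny log

save
```

Check the result with get policy and get route before trusting it; traffic between zones that no policy permits gets dropped.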
