DMZ/WAN Exposure

This segment is really for two types of devices: the reverse proxy that is exposed to the WAN, and any game servers/VMs. It should be fairly obvious why these are segmented and they will be somewhat restricted in what they can communicate with on the internal network. A small reminder: because our Edge router is handling the NAT for us, Destination NAT (DNAT, aka Port Forwarding) for these devices will be handled at the Edge.