the decision between routed and drop-in mode is based on your current network. many networks are best served by routed mode. however, drop-in mode is recommended if you have a large number of public ip addresses, you have a static external ip address, or you are not willing or able to reconfigure machines on your lan. the following table summarizes the criteria for choosing a firebox configuration. (for illustrative purposes, it is assumed that the drop-in ip address is a public address.)