I don't know if there is a defined "best practice," but it is a good idea to install security devices such as firewalls wherever they can serve a useful purpose. In this instance, you are talking about remote access to your internal network. Do you want all those that can authenticate to your RAS to have the same access as those directly connected? Do you know that all your RAS connected users have the same level of physical security as your directly connected users?
The short answer is yes, it is a good idea to use a firewall as part of your RAS infrastructure. By including a firewall, you can limit what those users can do in connecting to your internal network.
For more information on this topic, visit these other SearchSecurity resources:
Tech Tip: Perimeter security explored: Firewalls
Featured Topic: Firewall management
Featured Topic: Remote security issues
This was first published in March 2002