The so-called CCNPs behind the whole design of the TM network suck; if they were so clever, they wouldn't have designed the whole network layout like this in the first place. Enterprise users won't be using their DIR-615 as the default router anyway, but being double NAT-ed behind the DIR-615 is not doing any good for applications like FTP, except if you DMZ it. Furthermore, if the DIR-615 is exploited, they will be a middleman which can run something like SSLstrip; your maybank2u and pbebank will be monitored without SSL.
night_wolf_in, I do not mean to hurt your feelings, but put your old-school Cisco rules knowledge away, go learn some Linux and get certified with RHCE instead of CCNP anyway.
Unifi WARNING TO ALL UNIFI USERS, Threat warning, read inside