I’d prefer the first one (and not only because I can see it much better ).
I don’t get second one but maybe if you have wlan on the adsl router and need to use it for internal network? What system is the firewall between internet and adsl router? A bridge firewall? Why do the WLAN/VPN clients have a separate firewall? Do you have some more examples/links of such configs?
My home setup as example:
Internet and VPN clients - Provider router (cable modem) - NethServer firewall/gateway/proxy/IPS/VPN (two interfaces) - NethServer DC/mail/webapps (only green)
I set my Nethserver gateway as DMZ host on my cable modem so any network traffic is forwarded from modem to my gateway This way I have full control on the Nethserver firewall and don’t have to reconfigure my modem for every port forward etc.