To ensure that only one firewall is inspecting traffic and handling NAT (Network Address Translation), your office firewall must be configured with your Public IP Address on its WAN port (interface). You may need your ISP's (Internet Service Provider) help to configure this.
Non-public IP Address would fall into IP ranges below. If you see an IP address on your firewall WAN port from the range below that means that your ISP modem is also acting as a firewall/router and is also engaging in NAT activities. You should then contact your ISP to help put your modem into “Bridge” or “Bridged” mode allowing a Public IP address to be assigned to your Firewall/Router.
A "bridged" configuration ensures that the modem supplied by your internet service provider isn't behaving as an additional firewall on your network. This ensures traffic will be handled correctly and without delay.
A NON-bridged topology enables the modem to behave as an additional firewall and NAT device on the network. This extra firewall is at best superfluous and at worst can cause frustrating connection issues. In order to avoid these problems, it is best to place the modem into bridge mode and let the office's main router handle all firewall, NAT, and routing functions.