Looking at moving away from our LA Internet and moving to our own.

If we do, we're going to use Smoothwall for our filtering and firewall.

Our current setup is that we have 8 public IPs, which are mapped to internal IPs with just the required ports opened up, so no DMZ.

So with Smoothwall I could do the same, but I am under the impression that a more secure design is to have a DMZ and put all internet-facing services in that little network instead of the main one, so if a server gets attacked, they cannot see the internal network, just other servers in the DMZ.

But then I start to look at things like Terminal Server: should that sit in the DMZ or the core network? It will need quite a few rules opened up between the DMZ and the core network.

Insight (real-time reporting to parent software) needs to communicate with the SIMS SQL Server, so more rules.

So with the amount my internet-facing servers have to talk to servers on the internal network, is it just easier to stick with the current design of 2 networks (Internet, Internal) or go for a 3-network design (Internet, DMZ, Internal)?
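
The trade-off in the question above can be measured by counting what a compromised internet-facing server is able to connect to in each design. This is an added example, not part of the original post: a small Python model comparing the 2-network and 3-network layouts. The host inventory, listening ports and DMZ-to-internal pinholes are constructed and simplified assumptions (1433 and 3389 are the SQL Server and RDP defaults; the Insight port and the Terminal Server rules are placeholders).

```python
"""Model: what can a compromised internet-facing server reach in each design?"""

# Constructed inventory (assumption): host -> TCP ports it listens on.
LISTENERS = {
    "terminal-server":   {3389},
    "insight":           {443},
    "sims-sql":          {1433, 445, 3389},
    "file-server":       {445, 3389},
    "domain-controller": {88, 389, 445, 3389},
}
EXPOSED = {"terminal-server", "insight"}  # hosts mapped to a public IP


def flat_design():
    """2 networks: exposed hosts share the internal LAN, nothing filters between them."""
    zones = {host: "internal" for host in LISTENERS}
    return zones, set()


def dmz_design():
    """3 networks: exposed hosts sit in the DMZ, firewall pinholes reach internal."""
    zones = {h: ("dmz" if h in EXPOSED else "internal") for h in LISTENERS}
    # Constructed pinholes (assumption): (source host, destination host, port).
    rules = {
        ("insight", "sims-sql", 1433),
        ("terminal-server", "file-server", 445),
        ("terminal-server", "domain-controller", 88),
        ("terminal-server", "domain-controller", 389),
    }
    return zones, rules


def reachable(compromised, zones, rules):
    """Return the set of (host, port) pairs the compromised host can connect to."""
    found = set()
    for host, ports in LISTENERS.items():
        if host == compromised:
            continue
        for port in ports:
            same_zone = zones[host] == zones[compromised]
            if same_zone or (compromised, host, port) in rules:
                found.add((host, port))
    return found


if __name__ == "__main__":
    for name, design in (("flat", flat_design), ("dmz", dmz_design)):
        zones, rules = design()
        for host in sorted(EXPOSED):
            print(name, host, sorted(reachable(host, zones, rules)))
```

Every pinhole added to `rules` widens the DMZ result, so the comparison only favours the DMZ while the rules stay specific to one source, one destination and one port.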