I am looking for a little advice on a network design I will soon be implementing. Currently we have a home office that has 20 employees. In the home office we have an internal LAN that has a LAN server (DHCP, file server, print server, Active Directory), an application server, and an email server. The LAN is connected to the internet by an 1811 that handles all of the routing, VPN for 3 site-to-site VPNs and up to 5 individual IPsec VPN connections at a time, and firewall duties. To this I need to add a web server, preferably in a separate DMZ zone, that can connect to a SQL server inside the internal LAN.
What I would like advice on is whether there is a need for a separate firewall device, possibly to handle VPN duties and firewall activities, and a recommendation on the device.
I could also use advice on the best way to implement a secure connection from the web server to the SQL server that would not expose my internal LAN to unnecessary risk.
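As an added illustration, not part of the original post, this is the kind of Cisco IOS access list that enforces the web-server-to-SQL-server restriction the question describes on an 1811: the DMZ host may open a connection to the SQL server on its listening port and to nothing else inside the LAN. All addresses, the interface name and the ACL name are assumptions, and TCP 1433 is assumed because it is the default Microsoft SQL Server port; substitute whatever the real deployment uses.

```cisco
! Assumed addressing (not from the original post):
!   internal LAN  192.168.1.0/24, SQL server 192.168.1.20
!   DMZ           192.168.2.0/24, web server 192.168.2.10
! Assumed port: TCP 1433, the Microsoft SQL Server default.
!
ip access-list extended DMZ-IN
 remark Web server -> SQL server on the SQL listening port only
 permit tcp host 192.168.2.10 host 192.168.1.20 eq 1433
 remark Nothing else from the DMZ may enter the internal LAN; log attempts
 deny   ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255 log
 remark The web server may still reach the Internet (updates, public DNS, NTP)
 permit ip host 192.168.2.10 any
 remark Anything else originating in the DMZ is dropped and logged
 deny   ip any any log
!
! Assumed interface; on an 1811 the DMZ is more likely a VLAN SVI
! (for example interface Vlan20) on the built-in switch than a physical port.
interface FastEthernet1
 description DMZ
 ip address 192.168.2.1 255.255.255.0
 ip access-group DMZ-IN in
```

The ACL is applied inbound on the DMZ interface, so it governs only traffic that originates in the DMZ; replies from the SQL server to the web server travel in the other direction and are not affected. If the web server must resolve names against the internal DNS on the LAN server, add one more specific permit for UDP/TCP 53 to that host above the deny line rather than loosening the deny. The port-level hole still lets an attacker who compromises the web server talk to the SQL service, so pair it with a database login for the web application that is limited to the one database it needs, and check `show ip access-lists DMZ-IN` after deployment to confirm the deny counters only grow for traffic you expect to be blocked.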