Ten years ago, when I first deployed my network, I only needed one subnet. I settled on a 192 subnet at that time, with ".1" being my firewall to the Internet. As time went on, all my servers came online on that subnet. I have added additional subnets over the years. Right now the interface for my firewall is on the VLAN for all my servers. The network is fully switched, so I don't think it is a huge problem, but here is my question.
Would it be better to have my servers on a VLAN that is not on the same subnet as my firewall? I can see some pros to doing this. Is this the best practice?