Your proposed subnets are good as you can easily summarize them and manage the access-list on the switch should you decide to stay with your plan of keeping it there. While I can see why some would advocate putting all the L3 interfaces on the firewall, it only makes it unnecessarily act as the router between/among Lab and staff subnets.
Which model of firewall to use depends more on the overall throughput you need. The data sheet shows that either model has more than enough throughput for your traffic volumes. Note that keeping local LAN-LAN traffic on the core switch keeps the ASA from having to carry that workload as well.
I would consider some of the ASA Next Generation Firewall services - CX (with WSE and AVC) or FirePOWER modules. Those give you the deep visibility into traffic and advanced protection capability that is alluded to with your placement of the web filtering appliance on your diagram.
[toc:faq]The ProblemOn traditional switches whenever we have a trunk
interface we use the VLAN tag to demultiplex the VLANs. The switch needs
to determine which MAC Address table to look in for a forwarding
decision. To do this we require the switch to do...
[toc:faq]Introduction:Netdr is a tool available on a RSP720, Sup720 or
Sup32 that allows one to capture packets on the RP or SP inband. The
netdr command can be used to capture both Tx and Rx packets in the
software switching path. This is not a substitut...
IntroductionOSPF, being a link-state protocol, allows for every router
in the network to know of every link and OSPF speaker in the entire
network. From this picture each router independently runs the Shortest
Path First (SPF) algorithm to determine the b...