I'm in the process of re-designing my work's network to make it more secure and scalable. I've identified six different groups of hosts that would benefit from being on their own VLAN (internal network, secure DMZ, dirty DMZ, customer networks and a training network).
In terms of connectivity between them, there should be some form of access control or firewalling. I'm not sure what the best bit(s) of kit would be; should I look at a six port firewall (potentially expensive with little room to upgrade)? Should they all connect to a global VLAN switch which also hosts a router (the "router on a stick")? What about Layer 3 switches?
I know I can achieve the above by running a Linux server with multiple NICs and some routing and firewall scripts, but this seems a bit "home grown" and I want to know what the "best practice" is in this area.
Thanks in advance.
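For illustration of the "router on a stick" option on a Linux box, here is an added example (not the asker's setup): one trunk NIC carries every VLAN as an 802.1Q sub-interface, and an nftables ruleset applies a default-deny policy between the zones with explicit allowances. The interface name, VLAN IDs, subnets and the sample allow rule are assumptions.

```shell
#!/bin/sh
# Router-on-a-stick on a Linux host: one trunk interface, one 802.1Q
# sub-interface per zone, default-deny forwarding between zones.
# TRUNK, the VLAN IDs and the subnets are constructed for this example.
TRUNK=eth0

# zone name : 802.1Q VLAN id : this router's gateway address in that subnet
ZONES="internal:10:10.10.0.1/24
dmz_secure:20:10.20.0.1/24
dmz_dirty:30:10.30.0.1/24
customers:40:10.40.0.1/24
training:50:10.50.0.1/24"

# Emit the ip(8) commands that create and address one sub-interface per zone.
# Printing rather than executing lets you review (or test) the plan unprivileged.
vlan_commands() {
  printf '%s\n' "$ZONES" | while IFS=: read -r zone id addr; do
    printf '# zone %s\n' "$zone"
    printf 'ip link add link %s name %s.%s type vlan id %s\n' "$TRUNK" "$TRUNK" "$id" "$id"
    printf 'ip addr add %s dev %s.%s\n' "$addr" "$TRUNK" "$id"
    printf 'ip link set %s.%s up\n' "$TRUNK" "$id"
  done
}

# Emit an nftables ruleset for inter-VLAN traffic: everything crossing zones is
# dropped unless explicitly allowed, and reply traffic is matched by conntrack.
nft_ruleset() {
  cat <<EOF
table inet interzone {
  chain forward {
    type filter hook forward priority 0; policy drop;
    ct state established,related accept
    ct state invalid drop
    # internal hosts may reach the secure DMZ on HTTPS only (assumed policy)
    iifname "$TRUNK.10" oifname "$TRUNK.20" tcp dport 443 accept
    # anything else headed for the dirty DMZ is logged before the drop policy
    oifname "$TRUNK.30" log prefix "interzone-denied: "
  }
}
EOF
}

# Apply both parts (needs root); the functions above can be reviewed without it.
apply() {
  vlan_commands | sh
  nft_ruleset | nft -f -
}
```

Run `vlan_commands` and `nft_ruleset` first to inspect the generated plan, then `apply` as root on the router.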