I know this is yet another question on how to set up a network, but I hope you are not bored of such questions yet.
The site is also an office, so it includes a Windows DC, Windows AD, Exchange, SQL, file sharing, development app servers and other PCs.
In addition to the office (internal) things, there are both test and prod environments consisting of a web server / app server / SQL stack. There is also an FTP service open to the public.
I consider:
dmz1 - web server - Exchange Edge - FTP
dmz2 - app server - SQL for app server
internal - DC and AD - Exchange hub and transport - internal file sharing - SQL for internal use - app servers for internal use - PCs

public -> dmz1: only web, FTP and SMTP
public -> dmz2: not possible
public -> internal: not possible
dmz1 -> dmz2: possible from web servers to app servers using HTTP or AJP
dmz1 -> internal: only possible for Exchange, otherwise not possible
dmz2 -> internal: not possible
Does this sound OK? Any other recommendations? It will be configured using either MS ISA or Juniper SSG. Thank you.
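A small reachability check for the zone design described above, added here as an example and not part of the original question. It encodes the four zones and the allowed flows from the post as a default-deny policy, then answers two things a reviewer of such a design wants to know: whether a given direct flow is permitted, and which zones become transitively reachable from the public side by chaining permitted hops (for instance public -> dmz1 over SMTP, then dmz1 -> internal over the Exchange edge-to-hub flow). The service names and the candidate firewall rules at the bottom are constructed for illustration.

```python
"""Default-deny zone policy and transitive reachability check.

Added example for the segmentation question above; not from the original post.
The allow list mirrors the flows the question describes; service labels such
as "exchange" and the candidate rules in main() are constructed placeholders.
"""
from collections import deque
from typing import Dict, FrozenSet, List, Tuple

Zone = str
Rule = Tuple[Zone, Zone, FrozenSet[str]]        # (source zone, destination zone, services)
Flow = Tuple[Zone, Zone, str]                   # (source zone, destination zone, one service)

ZONES = ("public", "dmz1", "dmz2", "internal")

# Explicit allow list taken from the question; anything not listed is denied.
ALLOW: List[Rule] = [
    ("public", "dmz1", frozenset({"http", "https", "ftp", "smtp"})),
    ("dmz1", "dmz2", frozenset({"http", "ajp"})),
    ("dmz1", "internal", frozenset({"exchange"})),   # Edge -> hub transport only
]


def is_allowed(src: Zone, dst: Zone, service: str, rules: List[Rule] = ALLOW) -> bool:
    """Return True only if some rule explicitly permits src -> dst for service."""
    return any(rsrc == src and rdst == dst and service in services
               for rsrc, rdst, services in rules)


def violations(candidates: List[Flow], policy: List[Rule] = ALLOW) -> List[Flow]:
    """Return candidate firewall flows that the zone policy does not permit."""
    return [flow for flow in candidates if not is_allowed(*flow, rules=policy)]


def reachable_from(start: Zone, rules: List[Rule] = ALLOW) -> Dict[Zone, List[Zone]]:
    """Breadth-first search over permitted hops.

    Returns every zone reachable from `start` (including `start` itself) mapped
    to one zone-by-zone path. A hop counts if any service is allowed between the
    two zones, which is the assumption a reviewer makes when asking "if a host
    in this zone is compromised, where can traffic go next?".
    """
    paths: Dict[Zone, List[Zone]] = {start: [start]}
    queue = deque([start])
    while queue:
        zone = queue.popleft()
        for rsrc, rdst, _services in rules:
            if rsrc == zone and rdst not in paths:
                paths[rdst] = paths[zone] + [rdst]
                queue.append(rdst)
    return paths


def hop_services(src: Zone, dst: Zone, rules: List[Rule] = ALLOW) -> FrozenSet[str]:
    """Union of services permitted on a single hop src -> dst (empty if denied)."""
    out: FrozenSet[str] = frozenset()
    for rsrc, rdst, services in rules:
        if rsrc == src and rdst == dst:
            out |= services
    return out


def main() -> None:
    # Constructed candidate rules, as they might appear in a proposed firewall config.
    candidates: List[Flow] = [
        ("public", "dmz1", "https"),
        ("public", "dmz2", "http"),       # violates: public may not reach dmz2
        ("dmz1", "dmz2", "ajp"),
        ("dmz2", "internal", "sql"),      # violates: dmz2 -> internal is denied
        ("dmz1", "internal", "smb"),      # violates: only the Exchange flow is allowed
    ]
    for flow in violations(candidates):
        print("DENIED by zone policy:", flow)

    # Every zone transitively reachable from the public side, and through what.
    for zone, path in reachable_from("public").items():
        hops = [f"{a}->{b} ({','.join(sorted(hop_services(a, b)))})"
                for a, b in zip(path, path[1:])]
        print(f"{zone}: {' ; '.join(hops) if hops else 'start'}")


if __name__ == "__main__":
    main()
```

The reachability output is the part worth reading: with the rules as stated, every zone is reachable from public in at most two hops, and the only route into internal runs through dmz1 over the Exchange edge-to-hub flow, so that one rule (and the host it terminates on) carries the whole internal boundary.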