I'm looking at improving the network setup in our IDC and looking for some
advice - currently we have the firewall connected to the external net connection
and then 3 internal networks. This box has 4 NICs.

We are getting another box for the firewall and getting HA as we run Checkpoint.
I'm thinking about reducing the number of NICs in the firewall boxes from 4 to
2 and perhaps even 1. I'm planning on using VLAN tagging (802.1q) for sorting
out the networking, as internally I do not want to change things.

Can someone advise me on whether they think this is a good/bad idea? I've spoken to
Checkpoint support and they say that FW-1 is supported in this configuration, so
I'm happy with things from that point of view. As we run this on Linux (or
SPLAT) I'm happy with the OS side of things also. Just looking for info on how
others run their networks to minimise single points of failure etc. The
switch(es) that I'm thinking about getting are going to have redundant PSUs etc.
and be centrally manageable so that if I add another switch I can make them all
aware of each other and have packets go between the switches, as long as they
are on the same VLAN.

Sound sensible?
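As an added example (not part of the original post or of any Checkpoint or Linux tooling), here is a small Python parser for 802.1q-tagged Ethernet frames that maps each frame arriving on a single trunk NIC to the logical sub-interface a Linux host would use (eth0.<vid>) and flags untagged frames or VLANs not provisioned on that trunk, which is the check you want when one physical NIC carries several security zones; the interface name, allowed VLAN set and sample MAC addresses are constructed assumptions.

```python
import struct

ETHERTYPE_8021Q = 0x8100  # TPID that marks an 802.1q tag after the MAC header


def parse_frame(frame: bytes):
    """Return (dst, src, vlan_id, pcp, ethertype, payload) for one Ethernet frame.

    vlan_id and pcp are None when the frame carries no 802.1q tag.
    """
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    (etype,) = struct.unpack("!H", frame[12:14])
    if etype != ETHERTYPE_8021Q:
        return dst, src, None, None, etype, frame[14:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1q tag")
    tci, inner_etype = struct.unpack("!HH", frame[14:18])
    pcp = tci >> 13          # 3-bit priority code point
    vid = tci & 0x0FFF       # 12-bit VLAN identifier
    return dst, src, vid, pcp, inner_etype, frame[18:]


def classify(frame: bytes, trunk_nic: str = "eth0", allowed_vlans=frozenset()):
    """Map a frame seen on the trunk NIC to the firewall's logical interface.

    Untagged frames and frames for VLANs not provisioned on the trunk are
    reported instead of silently accepted, so a mis-configured switch port
    (e.g. a native VLAN leaking onto the trunk) becomes visible.
    """
    _, _, vid, _, _, _ = parse_frame(frame)
    if vid is None:
        return ("untagged", trunk_nic)
    if vid == 0:
        return ("priority-tagged", trunk_nic)  # VID 0 carries priority only
    if vid not in allowed_vlans:
        return ("unexpected-vlan", f"{trunk_nic}.{vid}")
    return ("ok", f"{trunk_nic}.{vid}")


def build_frame(vid=None, pcp=0, etype=0x0800, payload=b"\x00" * 46) -> bytes:
    """Build a constructed sample frame (MACs are made up) for testing."""
    dst = bytes.fromhex("001122334455")
    src = bytes.fromhex("66778899aabb")
    if vid is None:
        return dst + src + struct.pack("!H", etype) + payload
    tci = (pcp << 13) | (vid & 0x0FFF)
    return dst + src + struct.pack("!HHH", ETHERTYPE_8021Q, tci, etype) + payload
```

In practice you would feed classify() frames captured on the trunk (e.g. from a pcap) and alert on anything other than "ok" for the three internal VLANs plus the external one.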