INTRODUCTION:

I'm in the beginning stages of planning a network at my home and want to run my initial plans past the Wilders community to get your valuable input on the current design plans for my network topology...

NETWORK REQUIREMENTS:

1) Running a secure business website with a database and e-commerce. The majority of e-commerce processing (and PCI compliance requirements) will be outsourced to a third-party gateway processor. No sensitive customer data will be stored on my servers.

2) Personal Internet access for me and my family.

3) I want the business website part to be as secure as possible within the scope of a limited budget. If the business ever takes off, the web and database servers will be moved to a more professional installation / co-location.

MY ORIGINAL PLANS:

Originally, I was thinking of employing a DMZ using a three-legged firewall with the business and personal family computers on the same network, behind the firewall and the web server in the DMZ. An IT friend I talked to about this did not like this plan because of what he saw as a possibility where a family laptop could get a virus and then the virus would have back access to my business web server in the DMZ.

MY CURRENT PLANS:

So, my current plan involves creating two subnets behind a managed network security appliance (maybe SonicWALL TZ100?).

-- The first subnet would be for business with the web server in the DMZ and the database server and development servers behind the firewall.

-- The second subnet would be for personal / family use. This will include family Internet access, and network access for media files, etc.

MY QUESTIONS:

1) For a small business website with e-commerce and all sensitive customer data stored off site with a different company, does this proposed network topology sound adequate? If not, can you suggest any affordable improvements?

2) I have a networked Brother Laser printer that I would like to be able to print to from both the business and the family subnets. What's the best way to set things up so that the printer can be accessed from both subnets without creating an unnecessary security risk? (Or would it be better just to buy a second printer?)

3) I have one workstation that I would like to be able to access both networks with. What would be the best (cheap, easy, safe, & secure) way to set this up? With two network cards in the workstation? Would this create an unnecessary security risk? Or maybe just by manually switching network cables on the back of the workstation when I want to switch networks?

Many thanks ahead of time!